svn rev #24219: branches/camellia-ccm/src/ include/ include/krb5/ lib/crypto/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Thu Jul 29 17:17:30 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24219
Commit By: ghudson
Log Message:
Merge and edit some of the changes from r23983 of trunk to r24216 of
users/lhoward/camellia-ccm. Keep only the code for the camellia-ccm
enctypes, not camellia-cts or aes-ccm or camellia/aes-gcm.
Changed Files:
U branches/camellia-ccm/src/configure.in
U branches/camellia-ccm/src/include/k5-int.h
U branches/camellia-ccm/src/include/krb5/krb5.hin
U branches/camellia-ccm/src/lib/crypto/Makefile.in
U branches/camellia-ccm/src/lib/crypto/builtin/Makefile.in
A branches/camellia-ccm/src/lib/crypto/builtin/camellia/
U branches/camellia-ccm/src/lib/crypto/builtin/des/d3_aead.c
U branches/camellia-ccm/src/lib/crypto/builtin/des/f_aead.c
U branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/Makefile.in
U branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/aes.c
A branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/camellia_ctr.c
U branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/enc_provider.h
U branches/camellia-ccm/src/lib/crypto/crypto_tests/Makefile.in
A branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-expect-vt.txt
A branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-test.c
U branches/camellia-ccm/src/lib/crypto/crypto_tests/t_encrypt.c
U branches/camellia-ccm/src/lib/crypto/crypto_tests/t_short.c
U branches/camellia-ccm/src/lib/crypto/krb/Makefile.in
U branches/camellia-ccm/src/lib/crypto/krb/aead.c
U branches/camellia-ccm/src/lib/crypto/krb/aead.h
U branches/camellia-ccm/src/lib/crypto/krb/checksum/Makefile.in
A branches/camellia-ccm/src/lib/crypto/krb/checksum/cmac.c
U branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.c
U branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.h
U branches/camellia-ccm/src/lib/crypto/krb/dk/Makefile.in
D branches/camellia-ccm/src/lib/crypto/krb/dk/checksum.c
A branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_cmac.c
A branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_hmac.c
U branches/camellia-ccm/src/lib/crypto/krb/dk/derive.c
U branches/camellia-ccm/src/lib/crypto/krb/dk/dk.h
U branches/camellia-ccm/src/lib/crypto/krb/dk/dk_aead.c
A branches/camellia-ccm/src/lib/crypto/krb/dk/dk_ccm.c
U branches/camellia-ccm/src/lib/crypto/krb/dk/stringtokey.c
U branches/camellia-ccm/src/lib/crypto/krb/etypes.c
U branches/camellia-ccm/src/lib/crypto/krb/prf/Makefile.in
A branches/camellia-ccm/src/lib/crypto/krb/prf/cmac_prf.c
U branches/camellia-ccm/src/lib/crypto/krb/prf/prf_int.h
U branches/camellia-ccm/src/lib/crypto/krb/rand2key/Makefile.in
A branches/camellia-ccm/src/lib/crypto/krb/rand2key/camellia_rand2key.c
U branches/camellia-ccm/src/lib/crypto/krb/rand2key/rand2key.h
U branches/camellia-ccm/src/lib/crypto/libk5crypto.exports
A branches/camellia-ccm/src/lib/crypto/openssl/camellia/
U branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/Makefile.in
A branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/camellia_ctr.c
U branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/enc_provider.h
U branches/camellia-ccm/src/lib/krb5/krb/init_ctx.c
U branches/camellia-ccm/src/lib/krb5/krb/t_etypes.c
U branches/camellia-ccm/src/tests/dejagnu/config/default.exp
U branches/camellia-ccm/src/util/collected-client-lib/Makefile.in
U branches/camellia-ccm/src/util/k5test.py
U branches/camellia-ccm/src/windows/identity/plugins/krb5/datarep.c
U branches/camellia-ccm/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
Modified: branches/camellia-ccm/src/configure.in
===================================================================
--- branches/camellia-ccm/src/configure.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/configure.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -1084,7 +1084,7 @@
lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1
lib/crypto/krb/arcfour lib/crypto/krb/yarrow lib/crypto/$CRYPTO_IMPL/aes
- lib/crypto/crypto_tests
+ lib/crypto/$CRYPTO_IMPL/camellia lib/crypto/crypto_tests
lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
dnl lib/krb5/ccache/ccapi
Modified: branches/camellia-ccm/src/include/k5-int.h
===================================================================
--- branches/camellia-ccm/src/include/k5-int.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/include/k5-int.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -2554,6 +2554,11 @@
krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
size_t num_data);
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key, const krb5_crypto_iov *data,
+ size_t num_data, const krb5_data *iv,
+ krb5_data *output);
+
struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
const struct _krb5_kt_ops *ops;
Modified: branches/camellia-ccm/src/include/krb5/krb5.hin
===================================================================
--- branches/camellia-ccm/src/include/krb5/krb5.hin 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/include/krb5/krb5.hin 2010-07-29 21:17:30 UTC (rev 24219)
@@ -421,6 +421,8 @@
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
#define ENCTYPE_ARCFOUR_HMAC 0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
+#define ENCTYPE_CAMELLIA128_CCM_128 -66 /* Camellia CCM mode, 128-bit key */
+#define ENCTYPE_CAMELLIA256_CCM_128 -67 /* Camellia CCM mode, 256-bit key */
#define ENCTYPE_UNKNOWN 0x01ff
#define CKSUMTYPE_CRC32 0x0001
@@ -435,6 +437,8 @@
#define CKSUMTYPE_HMAC_SHA1_DES3 0x000c
#define CKSUMTYPE_HMAC_SHA1_96_AES128 0x000f
#define CKSUMTYPE_HMAC_SHA1_96_AES256 0x0010
+#define CKSUMTYPE_CMAC_128_CAMELLIA128 -66 /* CMAC, 128-bit Camellia key */
+#define CKSUMTYPE_CMAC_128_CAMELLIA256 -67 /* CMAC, 256-bit Camellia key */
#define CKSUMTYPE_MD5_HMAC_ARCFOUR -137 /*Microsoft netlogon cksumtype*/
#define CKSUMTYPE_HMAC_MD5_ARCFOUR -138 /*Microsoft md5 hmac cksumtype*/
Modified: branches/camellia-ccm/src/lib/crypto/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -27,7 +27,7 @@
@CRYPTO_IMPL@/sha1/OBJS.ST \
krb/arcfour/OBJS.ST \
@CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
- krb/OBJS.ST \
+ @CRYPTO_IMPL@/camellia/OBJS.ST krb/OBJS.ST \
@CRYPTO_IMPL@/OBJS.ST
SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST \
@@ -39,7 +39,7 @@
@CRYPTO_IMPL@/sha1/OBJS.ST \
krb/arcfour/OBJS.ST \
@CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST \
- krb/OBJS.ST \
+ @CRYPTO_IMPL@/camellia/OBJS.ST krb/OBJS.ST \
@CRYPTO_IMPL@/OBJS.ST
# No dependencies. Record places to find this shared object if the target
Modified: branches/camellia-ccm/src/lib/crypto/builtin/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -1,10 +1,11 @@
mydir=lib/crypto/builtin
BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=des aes md4 md5 sha1 enc_provider hash_provider
+SUBDIRS=camellia des aes md4 md5 sha1 enc_provider hash_provider
LOCALINCLUDES = -I$(srcdir)/../krb \
-I$(srcdir)/../krb/hash_provider \
-I$(srcdir)/des \
-I$(srcdir)/aes \
+ -I$(srcdir)/camellia \
-I$(srcdir)/sha1 \
-I$(srcdir)/md4 \
-I$(srcdir)/md5 \
@@ -21,8 +22,8 @@
##DOSBUILDTOP = ..\..\..
##DOSLIBNAME=$(OUTPRE)crypto.lib
##DOSOBJFILE=$(OUTPRE)crypto.lst
-##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
-##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst $(OUTPRE)camellia.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst $(OUTPRE)camellia.lst
STLIBOBJS=\
hmac.o \
@@ -41,13 +42,15 @@
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
aes/OBJS.ST \
+ camellia/OBJS.ST \
OBJS.ST
SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST \
md5/OBJS.ST sha1/OBJS.ST \
enc_provider/OBJS.ST \
hash_provider/OBJS.ST \
- aes/OBJS.ST
+ aes/OBJS.ST \
+ camellia/OBJS.ST
##DOS##LIBOBJS = $(OBJS)
@@ -92,6 +95,9 @@
cd ..\aes
@echo Making in crypto\aes
$(MAKE) -$(MFLAGS)
+ cd ..\camellia
+ @echo Making in crypto\camellia
+ $(MAKE) -$(MFLAGS)
cd ..
clean-windows::
@@ -116,6 +122,9 @@
cd ..\aes
@echo Making clean in crypto\aes
$(MAKE) -$(MFLAGS) clean
+ cd ..\camellia
+ @echo Making clean in crypto\camellia
+ $(MAKE) -$(MFLAGS) clean
cd ..
check-windows::
@@ -140,6 +149,9 @@
cd ..\aes
@echo Making check in crypto\aes
$(MAKE) -$(MFLAGS) check
+ cd ..\camellia
+ @echo Making check in crypto\camellia
+ $(MAKE) -$(MFLAGS) check
cd ..
Modified: branches/camellia-ccm/src/lib/crypto/builtin/des/d3_aead.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/des/d3_aead.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/des/d3_aead.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -56,9 +56,8 @@
for (;;) {
unsigned DES_INT32 temp;
- ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
- &input_pos);
- if (ptr == NULL)
+ if (!krb5int_c_iov_get_block_nocopy(storage, MIT_DES_BLOCK_LENGTH,
+ data, num_data, &input_pos, &ptr))
break;
block = ptr;
@@ -76,8 +75,9 @@
PUT_HALF_BLOCK(left, ptr);
PUT_HALF_BLOCK(right, ptr);
- iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage,
+ MIT_DES_BLOCK_LENGTH, &output_pos,
+ block);
}
if (ivec != NULL && block != NULL) {
@@ -123,9 +123,8 @@
/* Work the length down 8 bytes at a time. */
for (;;) {
- ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
- &input_pos);
- if (ptr == NULL)
+ if (!krb5int_c_iov_get_block_nocopy(storage, MIT_DES_BLOCK_LENGTH,
+ data, num_data, &input_pos, &ptr))
break;
block = ptr;
@@ -151,8 +150,9 @@
ocipherl = cipherl;
ocipherr = cipherr;
- iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage,
+ MIT_DES_BLOCK_LENGTH, &output_pos,
+ block);
}
if (ivec != NULL && block != NULL) {
Modified: branches/camellia-ccm/src/lib/crypto/builtin/des/f_aead.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/des/f_aead.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/des/f_aead.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -54,9 +54,8 @@
for (;;) {
unsigned DES_INT32 temp;
- ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
- &input_pos);
- if (ptr == NULL)
+ if (!krb5int_c_iov_get_block_nocopy(storage, MIT_DES_BLOCK_LENGTH,
+ data, num_data, &input_pos, &ptr))
break;
block = ptr;
@@ -66,14 +65,15 @@
GET_HALF_BLOCK(temp, ptr);
right ^= temp;
- /* Encrypt what we have and store back into block. */
+ /* Encrypt what we have and put back into block. */
DES_DO_ENCRYPT(left, right, kp);
ptr = block;
PUT_HALF_BLOCK(left, ptr);
PUT_HALF_BLOCK(right, ptr);
- iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage,
+ MIT_DES_BLOCK_LENGTH, &output_pos,
+ block);
}
if (ivec != NULL && block != NULL) {
@@ -115,9 +115,8 @@
/* Work the length down 8 bytes at a time. */
for (;;) {
- ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
- &input_pos);
- if (ptr == NULL)
+ if (!krb5int_c_iov_get_block_nocopy(storage, MIT_DES_BLOCK_LENGTH,
+ data, num_data, &input_pos, &ptr))
break;
block = ptr;
@@ -141,8 +140,9 @@
ocipherl = cipherl;
ocipherr = cipherr;
- iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage,
+ MIT_DES_BLOCK_LENGTH, &output_pos,
+ block);
}
if (ivec != NULL && block != NULL) {
@@ -178,9 +178,8 @@
for (;;) {
unsigned DES_INT32 temp;
- ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
- &input_pos);
- if (ptr == NULL)
+ if (!krb5int_c_iov_get_block_nocopy(storage, MIT_DES_BLOCK_LENGTH,
+ data, num_data, &input_pos, &ptr))
break;
block = ptr;
Modified: branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -3,6 +3,7 @@
LOCALINCLUDES = -I$(srcdir)/../des \
-I$(srcdir)/../arcfour \
-I$(srcdir)/../aes \
+ -I$(srcdir)/../camellia \
-I$(srcdir)/../../krb \
-I$(srcdir)/../../krb/rand2key \
-I$(srcdir)/.. -I$(srcdir)/.
@@ -19,18 +20,21 @@
des.o \
des3.o \
rc4.o \
- aes.o
+ aes.o \
+ camellia_ctr.o
OBJS= \
$(OUTPRE)des.$(OBJEXT) \
$(OUTPRE)des3.$(OBJEXT) \
$(OUTPRE)aes.$(OBJEXT) \
+ $(OUTPRE)camellia_ctr.$(OBJEXT) \
$(OUTPRE)rc4.$(OBJEXT)
SRCS= \
$(srcdir)/des.c \
$(srcdir)/des3.c \
$(srcdir)/aes.c \
+ $(srcdir)/camellia_ctr.c\
$(srcdir)/rc4.c
##DOS##LIBOBJS = $(OBJS)
Modified: branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/aes.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/aes.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/aes.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -132,12 +132,12 @@
for (blockno = 0; blockno < nblocks - 2; blockno++) {
unsigned char blockN[BLOCK_SIZE], *block;
- block = iov_next_block(blockN, BLOCK_SIZE, data, num_data,
- &input_pos);
+ krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE,
+ data, num_data, &input_pos, &block);
xorblock(tmp, block);
enc(block, tmp, &CACHE(key)->enc_ctx);
- iov_store_block(data, num_data, block, blockN, BLOCK_SIZE,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE,
+ &output_pos, block);
/* Set up for next block. */
memcpy(tmp, block, BLOCK_SIZE);
@@ -228,14 +228,14 @@
for (blockno = 0; blockno < nblocks - 2; blockno++) {
unsigned char blockN[BLOCK_SIZE], *block;
- block = iov_next_block(blockN, BLOCK_SIZE, data, num_data,
- &input_pos);
+ krb5int_c_iov_get_block_nocopy(blockN, BLOCK_SIZE,
+ data, num_data, &input_pos, &block);
memcpy(tmp2, block, BLOCK_SIZE);
dec(block, block, &CACHE(key)->dec_ctx);
xorblock(block, tmp);
memcpy(tmp, tmp2, BLOCK_SIZE);
- iov_store_block(data, num_data, block, blockN, BLOCK_SIZE,
- &output_pos);
+ krb5int_c_iov_put_block_nocopy(data, num_data, blockN, BLOCK_SIZE,
+ &output_pos, block);
}
/* Do last two blocks, the second of which (next-to-last block
Copied: branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/camellia_ctr.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/builtin/enc_provider/camellia_ctr.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/camellia_ctr.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/camellia_ctr.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,209 @@
+/*
+ * lib/crypto/builtin/enc_provider/camellia_ctr.c
+ *
+ * Copyright (C) 2003, 2007-2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "camellia.h"
+#include <aead.h>
+#include <rand2key.h>
+
+static void
+xorblock(unsigned char *out, const unsigned char *in)
+{
+ int z;
+ for (z = 0; z < BLOCK_SIZE/4; z++) {
+ unsigned char *outptr = &out[z*4];
+ unsigned char *inptr = (unsigned char *)&in[z*4];
+ /*
+ * Use unaligned accesses. On x86, this will probably still be faster
+ * than multiple byte accesses for unaligned data, and for aligned data
+ * should be far better. (One test indicated about 2.4% faster
+ * encryption for 1024-byte messages.)
+ *
+ * If some other CPU has really slow unaligned-word or byte accesses,
+ * perhaps this function (or the load/store helpers?) should test for
+ * alignment first.
+ *
+ * If byte accesses are faster than unaligned words, we may need to
+ * conditionalize on CPU type, as that may be hard to determine
+ * automatically.
+ */
+ store_32_n (load_32_n(outptr) ^ load_32_n(inptr), outptr);
+ }
+}
+
+/* Get the current counter block number from the IV */
+static inline void getctrblockno(krb5_ui_8 *pblockno,
+ const unsigned char ctr[BLOCK_SIZE])
+{
+ *pblockno = load_64_be(&ctr[BLOCK_SIZE - 8]);
+}
+
+/* Store the current counter block number in the IV */
+static inline void putctrblockno(krb5_ui_8 blockno,
+ unsigned char ctr[BLOCK_SIZE])
+{
+ store_64_be(blockno, &ctr[BLOCK_SIZE - 8]);
+}
+
+/*
+ * ivec must be a correctly formatted counter block per SP800-38C A.3
+ */
+static krb5_error_code
+krb5int_camellia_encrypt_ctr(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ camellia_ctx ctx;
+ unsigned char ctr[BLOCK_SIZE];
+ krb5_ui_8 blockno;
+ struct iov_block_state input_pos, output_pos;
+
+ if (camellia_enc_key(key->keyblock.contents,
+ key->keyblock.length, &ctx) != camellia_good)
+ abort();
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ /* Don't encrypt the header (B0), and use zero instead of IOV padding */
+ input_pos.ignore_header = output_pos.ignore_header = 1;
+ input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
+
+ assert(ivec != NULL);
+
+ if (ivec->length != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, BLOCK_SIZE);
+
+ getctrblockno(&blockno, ctr);
+
+ for (;;) {
+ unsigned char storage[BLOCK_SIZE], *block;
+ unsigned char ectr[BLOCK_SIZE];
+
+ if (!krb5int_c_iov_get_block_nocopy(storage, BLOCK_SIZE,
+ data, num_data, &input_pos, &block))
+ break;
+
+ if (camellia_enc_blk(ctr, ectr, &ctx) != camellia_good)
+ abort();
+
+ xorblock(block, ectr);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage, BLOCK_SIZE,
+ &output_pos, block);
+ putctrblockno(++blockno, ctr);
+ }
+
+ if (ivec != NULL)
+ memcpy(ivec->data, ctr, sizeof(ctr));
+
+ return 0;
+}
+
+krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key,
+ const krb5_crypto_iov *data,
+ size_t num_data,
+ const krb5_data *iv,
+ krb5_data *output)
+{
+ camellia_ctx ctx;
+ unsigned char blockY[BLOCK_SIZE];
+ struct iov_block_state iov_state;
+
+ if (output->length < BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ if (camellia_enc_key(key->keyblock.contents,
+ key->keyblock.length, &ctx) != camellia_good)
+ abort();
+
+ if (iv != NULL)
+ memcpy(blockY, iv->data, BLOCK_SIZE);
+ else
+ memset(blockY, 0, BLOCK_SIZE);
+
+ IOV_BLOCK_STATE_INIT(&iov_state);
+
+ /*
+ * The CCM header may not fit in a block, because it includes a variable
+ * length encoding of the associated data length. This encoding plus the
+ * associated data itself is padded to the block size.
+ */
+ iov_state.include_sign_only = 1;
+ iov_state.pad_to_boundary = 1;
+
+ for (;;) {
+ unsigned char blockB[BLOCK_SIZE];
+
+ if (!krb5int_c_iov_get_block(blockB, BLOCK_SIZE, data, num_data, &iov_state))
+ break;
+
+ xorblock(blockB, blockY);
+
+ if (camellia_enc_blk(blockB, blockY, &ctx) != camellia_good)
+ abort();
+ }
+
+ output->length = BLOCK_SIZE;
+ memcpy(output->data, blockY, BLOCK_SIZE);
+
+ return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+{
+ return alloc_data(state, 16);
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128_ctr = {
+ 16,
+ 16, 16,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state_ctr,
+ krb5int_default_free_state,
+ NULL
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256_ctr = {
+ 16,
+ 32, 32,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state_ctr,
+ krb5int_default_free_state,
+ NULL
+};
Modified: branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/enc_provider.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/enc_provider.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/builtin/enc_provider/enc_provider.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -32,5 +32,5 @@
extern const struct krb5_enc_provider krb5int_enc_arcfour;
extern const struct krb5_enc_provider krb5int_enc_aes128;
extern const struct krb5_enc_provider krb5int_enc_aes256;
-extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
-extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
+extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr;
+extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr;
Modified: branches/camellia-ccm/src/lib/crypto/crypto_tests/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/crypto_tests/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/crypto_tests/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -7,7 +7,8 @@
-I$(srcdir)/../krb/crc32 -I$(srcdir)/../krb/old -I$(srcdir)/../krb/raw \
-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/../@CRYPTO_IMPL@/des \
-I$(srcdir)/../@CRYPTO_IMPL@/arcfour -I$(srcdir)/../@CRYPTO_IMPL@/sha1 \
- -I$(srcdir)/../@CRYPTO_IMPL@/md5 -I$(srcdir)/../@CRYPTO_IMPL@/md4
+ -I$(srcdir)/../@CRYPTO_IMPL@/md5 -I$(srcdir)/../@CRYPTO_IMPL@/md4 \
+ -I$(srcdir)/../@CRYPTO_IMPL@/camellia
RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
@@ -23,6 +24,7 @@
$(srcdir)/t_cts.c \
$(srcdir)/vectors.c \
$(srcdir)/aes-test.c \
+ $(srcdir)/camellia-test.c \
$(srcdir)/t_cksum.c \
$(srcdir)/t_crc.c \
$(srcdir)/t_mddriver.c \
@@ -44,6 +46,7 @@
check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac \
t_cksum4 t_cksum5 \
aes-test \
+ camellia-test \
t_mddriver4 t_mddriver \
t_crc t_cts t_short
$(RUN_SETUP) $(VALGRIND) ./t_nfold
@@ -61,6 +64,8 @@
cmp vk.txt $(srcdir)/expect-vk.txt
$(RUN_SETUP) $(VALGRIND) ./aes-test > vt.txt
cmp vt.txt $(srcdir)/expect-vt.txt
+ $(RUN_SETUP) $(VALGRIND) ./camellia-test > camellia-vt.txt
+ cmp camellia-vt.txt $(srcdir)/camellia-expect-vt.txt
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver4 -x
$(RUN_SETUP) $(VALGRIND) $(C)t_mddriver -x
$(RUN_SETUP) $(VALGRIND) ./t_short
@@ -120,6 +125,9 @@
aes-test: aes-test.$(OBJEXT) $(CRYPTO_DEPLIB)
$(CC_LINK) -o aes-test aes-test.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+camellia-test: camellia-test.$(OBJEXT) $(CRYPTO_DEPLIB)
+ $(CC_LINK) -o camellia-test camellia-test.$(OBJEXT) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+
t_mddriver4.o: $(srcdir)/t_mddriver.c
$(CC) -DMD=4 $(ALL_CFLAGS) -o t_mddriver4.o -c $(srcdir)/t_mddriver.c
Copied: branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-expect-vt.txt (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/crypto_tests/camellia-expect-vt.txt)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-expect-vt.txt (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-expect-vt.txt 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,1036 @@
+
+KEYSIZE=128
+
+KEY=00000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=07923A39EB0A817D1C4D87BDB82D1F1C
+
+I=2
+PT=40000000000000000000000000000000
+CT=48CD6419809672D2349260D89A08D3D3
+
+I=3
+PT=20000000000000000000000000000000
+CT=D07493CCB2E95CE0B4945A05ACC97D82
+
+I=4
+PT=10000000000000000000000000000000
+CT=5DBE1EAC9F7080A88DBED7F6DA101448
+
+I=5
+PT=08000000000000000000000000000000
+CT=F01EE477D199DF2701027034B229622F
+
+I=6
+PT=04000000000000000000000000000000
+CT=C841587ABD9A912E563774CB569D051E
+
+I=7
+PT=02000000000000000000000000000000
+CT=1D9BC0C04546F0915C8CCD11391A455C
+
+I=8
+PT=01000000000000000000000000000000
+CT=05E6EBB4BA167F5C479CEFF3152F943B
+
+I=9
+PT=00800000000000000000000000000000
+CT=93211E0F788845B9FC0E4551FFE92AC9
+
+I=10
+PT=00400000000000000000000000000000
+CT=B6D35701CD8FADDE383BBE8E6B70BAF7
+
+I=11
+PT=00200000000000000000000000000000
+CT=8358F9F4EBCFEE348CB30551ACB151A0
+
+I=12
+PT=00100000000000000000000000000000
+CT=D57516EB5AD93C523E40521BF447AFCE
+
+I=13
+PT=00080000000000000000000000000000
+CT=66B2534C279C439133F52E5AD8B439A9
+
+I=14
+PT=00040000000000000000000000000000
+CT=A71C69184A9F63C2992A5F18F77C1FE9
+
+I=15
+PT=00020000000000000000000000000000
+CT=1ADCBE49AEACB9ECEBBD492B10E82C7B
+
+I=16
+PT=00010000000000000000000000000000
+CT=27E3BCFB227C5561DB6CF7FC30387036
+
+I=17
+PT=00008000000000000000000000000000
+CT=F4AE20365CC9D06B0CAE6B695ED2CEC1
+
+I=18
+PT=00004000000000000000000000000000
+CT=3DD682F0B641ED32AD3D43EA2A0456E4
+
+I=19
+PT=00002000000000000000000000000000
+CT=6E5D14A95ECC290B509EA6B673652E3A
+
+I=20
+PT=00001000000000000000000000000000
+CT=F1CDF0F8D7B3FFD95422D7CC0CF40B7B
+
+I=21
+PT=00000800000000000000000000000000
+CT=A9253D459A34C385A1F1B2CFFA3935C5
+
+I=22
+PT=00000400000000000000000000000000
+CT=291024D99FF09A47A1DEE45BA700AE52
+
+I=23
+PT=00000200000000000000000000000000
+CT=49241D9459B277187BB10081C60361C0
+
+I=24
+PT=00000100000000000000000000000000
+CT=AD9BA365CC4DD5553D2D9FE303841D88
+
+I=25
+PT=00000080000000000000000000000000
+CT=C2ECA616664A249DC622CC11196B4AE1
+
+I=26
+PT=00000040000000000000000000000000
+CT=6E1A2D4794BB0DC08777A0BC7523E70E
+
+I=27
+PT=00000020000000000000000000000000
+CT=6DB1F0CF59656BDD235E82B8CEF0BE8E
+
+I=28
+PT=00000010000000000000000000000000
+CT=52F239C5EAF401EBDC54D2F011FF4B6A
+
+I=29
+PT=00000008000000000000000000000000
+CT=6B58A08F648414B67FD6847D2AA51CBF
+
+I=30
+PT=00000004000000000000000000000000
+CT=2959DD5367885A75EB48053CF3251A36
+
+I=31
+PT=00000002000000000000000000000000
+CT=630B292E3B88EF641CDFD531E206605E
+
+I=32
+PT=00000001000000000000000000000000
+CT=4BBB88EF82B70593FCC56AFD91540FDB
+
+I=33
+PT=00000000800000000000000000000000
+CT=0A13055B118A45C606999257BD191426
+
+I=34
+PT=00000000400000000000000000000000
+CT=5CF8E5C9F15D7E4F865020224853EB77
+
+I=35
+PT=00000000200000000000000000000000
+CT=3898805042C7A4315C5EE51AF2DE47E2
+
+I=36
+PT=00000000100000000000000000000000
+CT=8D3F96372E87CBB0B375425B3A10B9E7
+
+I=37
+PT=00000000080000000000000000000000
+CT=4D9510A378BD784A70A66BCC75B7D3C8
+
+I=38
+PT=00000000040000000000000000000000
+CT=70DB1902D37CFBDFB98F7C516F79D416
+
+I=39
+PT=00000000020000000000000000000000
+CT=383C6C2AABEF7FDE25CD470BF774A331
+
+I=40
+PT=00000000010000000000000000000000
+CT=47CBCB5288349B1A15DC9F81FBEE6B8F
+
+I=41
+PT=00000000008000000000000000000000
+CT=21DA34D4468EEB13AED95DAE0FF48310
+
+I=42
+PT=00000000004000000000000000000000
+CT=021C9A8E6BD36FBD036411E5D852A80F
+
+I=43
+PT=00000000002000000000000000000000
+CT=6A459E2F839AF60ACDE83774D0BB5574
+
+I=44
+PT=00000000001000000000000000000000
+CT=C19255121F1B933CAE09E58AEC0E9977
+
+I=45
+PT=00000000000800000000000000000000
+CT=7BA949E27B2BE148A6B801F9305F43D5
+
+I=46
+PT=00000000000400000000000000000000
+CT=E8CEB1026BCF7BCEA32E8A380EA76DB7
+
+I=47
+PT=00000000000200000000000000000000
+CT=63F97747ED56A8F521B20CC65F6F9465
+
+I=48
+PT=00000000000100000000000000000000
+CT=2091CFDC629819106188424AC694F75B
+
+I=49
+PT=00000000000080000000000000000000
+CT=A91BDF8E8B88407942423CCE000527C4
+
+I=50
+PT=00000000000040000000000000000000
+CT=73F9B44B9635A3FD683DBF8D49E9825B
+
+I=51
+PT=00000000000020000000000000000000
+CT=9DC64B2133FAD5069FD9A7CC2FFFD1CC
+
+I=52
+PT=00000000000010000000000000000000
+CT=28240F81FEC36B71E13F1FEA7A7641E3
+
+I=53
+PT=00000000000008000000000000000000
+CT=20DD39FEE96CD2EFF972872A692B28FD
+
+I=54
+PT=00000000000004000000000000000000
+CT=47A9E40483EC1925B635E47E964E8E93
+
+I=55
+PT=00000000000002000000000000000000
+CT=9C0EBD822C49FB3D853DF5B315A87BA0
+
+I=56
+PT=00000000000001000000000000000000
+CT=C18D813FDB45A594C6DC24E5A1F6CE32
+
+I=57
+PT=00000000000000800000000000000000
+CT=7E5467FF245ECF80CB55C2D8E91F0711
+
+I=58
+PT=00000000000000400000000000000000
+CT=394D4365B77954FDEA4145FCF7A7A041
+
+I=59
+PT=00000000000000200000000000000000
+CT=B1D8311A492ED11F11E57B29221610C4
+
+I=60
+PT=00000000000000100000000000000000
+CT=E5FBB947A63AEA90163AF04AD6951EF8
+
+I=61
+PT=00000000000000080000000000000000
+CT=CA0627DDF580F0E7D59562825C9D0492
+
+I=62
+PT=00000000000000040000000000000000
+CT=EF98FFD1AED295AAE1860F0274C8F555
+
+I=63
+PT=00000000000000020000000000000000
+CT=8C698E5CFFF08FACE10C2DC5FF1E2A81
+
+I=64
+PT=00000000000000010000000000000000
+CT=35A7767E02032C35B5CE1A6F49C57C28
+
+I=65
+PT=00000000000000008000000000000000
+CT=AB36F8734E76EBA306CF00D6763D90B0
+
+I=66
+PT=00000000000000004000000000000000
+CT=E854EB66D4EC66889B5E6CD4F44A5806
+
+I=67
+PT=00000000000000002000000000000000
+CT=15B66DF1455ACD640B8716BCF5DB2D69
+
+I=68
+PT=00000000000000001000000000000000
+CT=4C57AB5333E5C2D4B7E30A007E449F48
+
+I=69
+PT=00000000000000000800000000000000
+CT=BA3E7FF28EB38EA09D8DB1440A9A3552
+
+I=70
+PT=00000000000000000400000000000000
+CT=64E60227AFD80C40C70186CC94804C1A
+
+I=71
+PT=00000000000000000200000000000000
+CT=CEB4423C20B4C91C2551F6FC227C9514
+
+I=72
+PT=00000000000000000100000000000000
+CT=F736894B843EF32DA28576DE500D448C
+
+I=73
+PT=00000000000000000080000000000000
+CT=58FDA98B678D15053D4B6C060368108C
+
+I=74
+PT=00000000000000000040000000000000
+CT=E28CAE384E578F47657755EBCD97996C
+
+I=75
+PT=00000000000000000020000000000000
+CT=0A64617BD4B5B166668240D105B7B6A2
+
+I=76
+PT=00000000000000000010000000000000
+CT=4BD090C7E3D365B5EA80F19B4798881E
+
+I=77
+PT=00000000000000000008000000000000
+CT=BC7B6CB9BFF4F72973BB2CD20A512C06
+
+I=78
+PT=00000000000000000004000000000000
+CT=4C7ADDC5C867594E9EE75F0AA6AB9C23
+
+I=79
+PT=00000000000000000002000000000000
+CT=1FBD05C71A36691AC6566A5298101D53
+
+I=80
+PT=00000000000000000001000000000000
+CT=42D7D6B1F499D412F8793972BD968DA2
+
+I=81
+PT=00000000000000000000800000000000
+CT=260EC86E2786FC68824576B934F32814
+
+I=82
+PT=00000000000000000000400000000000
+CT=576C26DFD7046F9357F34BEA7DFB26A0
+
+I=83
+PT=00000000000000000000200000000000
+CT=6D55E54BFB6F927174A02294C95E0F8F
+
+I=84
+PT=00000000000000000000100000000000
+CT=1A6CE91DD458229C7675A34950D10E23
+
+I=85
+PT=00000000000000000000080000000000
+CT=DAD0D5E7E000652825AA34D228EA8D8F
+
+I=86
+PT=00000000000000000000040000000000
+CT=E68013F48D75EAD2BBC0B0BDA5E690BF
+
+I=87
+PT=00000000000000000000020000000000
+CT=A07D92312FBAE37BFE8A834210AE4F9C
+
+I=88
+PT=00000000000000000000010000000000
+CT=6EEE5F8544CD7D456366EB448813989A
+
+I=89
+PT=00000000000000000000008000000000
+CT=F8E5C7FF4B79D7ABE8BFA2DD148820A8
+
+I=90
+PT=00000000000000000000004000000000
+CT=C6349D75C7472BBD66F95B3A07C79C91
+
+I=91
+PT=00000000000000000000002000000000
+CT=B85713C12D8658951CD1AD21C74D2CD2
+
+I=92
+PT=00000000000000000000001000000000
+CT=907AA00B9F7D47A97623FB55BA911F29
+
+I=93
+PT=00000000000000000000000800000000
+CT=DC3CD0ED23D11776FAB43A2A6A8F3557
+
+I=94
+PT=00000000000000000000000400000000
+CT=4BFE58A8FD69179C14765B09AB70B705
+
+I=95
+PT=00000000000000000000000200000000
+CT=A23996E0EA67EC280356E5F77130A551
+
+I=96
+PT=00000000000000000000000100000000
+CT=CDEADE859B3AACD273CCA85A3E2E45F2
+
+I=97
+PT=00000000000000000000000080000000
+CT=E0FC78489857D84DA03F40CE97147174
+
+I=98
+PT=00000000000000000000000040000000
+CT=7615EA6351F6BB12855E8579C6995D8E
+
+I=99
+PT=00000000000000000000000020000000
+CT=13E184344FE28C2E70ED0E4D0A8037F9
+
+I=100
+PT=00000000000000000000000010000000
+CT=A5FE395F568482B87BC3EB208C81C942
+
+I=101
+PT=00000000000000000000000008000000
+CT=B3103E11AF06C85565823F8CAA3159F6
+
+I=102
+PT=00000000000000000000000004000000
+CT=7EBC2234D271B89C519C396985300030
+
+I=103
+PT=00000000000000000000000002000000
+CT=0661D338F2E0C939BA1687820A768467
+
+I=104
+PT=00000000000000000000000001000000
+CT=EC2B42667C0195A90715499617884DA5
+
+I=105
+PT=00000000000000000000000000800000
+CT=AE077BA19D24E7188DDD3682FF196892
+
+I=106
+PT=00000000000000000000000000400000
+CT=98823C24B9C65A66073C7952DC2B4B5E
+
+I=107
+PT=00000000000000000000000000200000
+CT=6AB58432CBB3C2F503DA2D16796CC297
+
+I=108
+PT=00000000000000000000000000100000
+CT=EEB5EBB3A53E4196C2F22BC1A4DDF5E8
+
+I=109
+PT=00000000000000000000000000080000
+CT=33DC40AC5FDC126D38878416AF6C0FA6
+
+I=110
+PT=00000000000000000000000000040000
+CT=38EDDC08E18B4AD982CEA921D2765A9A
+
+I=111
+PT=00000000000000000000000000020000
+CT=7D6BEA038E9347C642E18631660A9558
+
+I=112
+PT=00000000000000000000000000010000
+CT=FDA57921A473B5EE3700AD5ADF035019
+
+I=113
+PT=00000000000000000000000000008000
+CT=699B4812E200337E9C1D2C397F0DFE4E
+
+I=114
+PT=00000000000000000000000000004000
+CT=7A1EADF68B0807145D6C414852DECFC8
+
+I=115
+PT=00000000000000000000000000002000
+CT=1645FFAA8AD76689C01DA8C40882781F
+
+I=116
+PT=00000000000000000000000000001000
+CT=BA0C053BE702FA62FC66D8FEB12FC97E
+
+I=117
+PT=00000000000000000000000000000800
+CT=841FD8AF69CF2C31F7D4D7B6959662B5
+
+I=118
+PT=00000000000000000000000000000400
+CT=F675D59BDB33231861268F539829DA0B
+
+I=119
+PT=00000000000000000000000000000200
+CT=A4967F45ABB4E8C7DC5E3806680F35E0
+
+I=120
+PT=00000000000000000000000000000100
+CT=4D7E08081CC82F92ABA7C58C99F8343F
+
+I=121
+PT=00000000000000000000000000000080
+CT=9AEFDB287C119B82353612B60ECCBFD8
+
+I=122
+PT=00000000000000000000000000000040
+CT=979BB6A1553A17592A86E78DF144A699
+
+I=123
+PT=00000000000000000000000000000020
+CT=A6FA8CAB06FD2E5BF3A858983C01757A
+
+I=124
+PT=00000000000000000000000000000010
+CT=BE8511254C31E25420B91D6FEF1710ED
+
+I=125
+PT=00000000000000000000000000000008
+CT=F589A908D18A21894971C0433581E1A5
+
+I=126
+PT=00000000000000000000000000000004
+CT=4237585130E7C9F715235EB1D8C94DE7
+
+I=127
+PT=00000000000000000000000000000002
+CT=DEFE3E0B5C54C94B4F2A0F5A46F6210D
+
+I=128
+PT=00000000000000000000000000000001
+CT=F5574ACC3148DFCB9015200631024DF9
+
+==========
+
+KEYSIZE=256
+
+KEY=0000000000000000000000000000000000000000000000000000000000000000
+
+I=1
+PT=80000000000000000000000000000000
+CT=B0C6B88AEA518AB09E847248E91B1B9D
+
+I=2
+PT=40000000000000000000000000000000
+CT=B8D7684E35FA1DB15BDCEE7A48659858
+
+I=3
+PT=20000000000000000000000000000000
+CT=F0CAD59AF92FBB79F36951E697492750
+
+I=4
+PT=10000000000000000000000000000000
+CT=117100F6635389560DC4A2DA24EBA70F
+
+I=5
+PT=08000000000000000000000000000000
+CT=DBDD62355553019ED84C35886421E532
+
+I=6
+PT=04000000000000000000000000000000
+CT=9CB8D04FA506F19848F7B9110518BFC8
+
+I=7
+PT=02000000000000000000000000000000
+CT=E4308E253BC3444D293500701BA82C6A
+
+I=8
+PT=01000000000000000000000000000000
+CT=EA2FAE53F7F30C0170A20E95A068503E
+
+I=9
+PT=00800000000000000000000000000000
+CT=14B14839EA221880B2C64D1FE000B93D
+
+I=10
+PT=00400000000000000000000000000000
+CT=A5CFC075B342D5101AACC334E73058BB
+
+I=11
+PT=00200000000000000000000000000000
+CT=477EA56B2EBAD0F8AC5E1936866560FF
+
+I=12
+PT=00100000000000000000000000000000
+CT=107E8598418404196EC59F63E45B7F6D
+
+I=13
+PT=00080000000000000000000000000000
+CT=FF6A891E7C1C074A68FEC291928FDD8D
+
+I=14
+PT=00040000000000000000000000000000
+CT=F64C250A13F45D377ADB7545B2B157A9
+
+I=15
+PT=00020000000000000000000000000000
+CT=FAD0F252086F11C830C65B63197CBC38
+
+I=16
+PT=00010000000000000000000000000000
+CT=9DCB89B209441F02AD0D25C6AB826629
+
+I=17
+PT=00008000000000000000000000000000
+CT=E62E4ED4E4F34EDC563710D960E09D4C
+
+I=18
+PT=00004000000000000000000000000000
+CT=98A1B926BA06895C3F2E84CCBACBC356
+
+I=19
+PT=00002000000000000000000000000000
+CT=29BE0BE4DB7F4D196718AEA38F3B0BFD
+
+I=20
+PT=00001000000000000000000000000000
+CT=F670C4EBECBA0B43E71F6D752BFD4854
+
+I=21
+PT=00000800000000000000000000000000
+CT=7D7666B4484CDB7E3605468E093A787C
+
+I=22
+PT=00000400000000000000000000000000
+CT=562D06B181C091DA6C43642AE99460C6
+
+I=23
+PT=00000200000000000000000000000000
+CT=AB0EFB5975E6186B7D76BC9672453488
+
+I=24
+PT=00000100000000000000000000000000
+CT=10C0756538E7BFF88D19AE2B1F7B859A
+
+I=25
+PT=00000080000000000000000000000000
+CT=AF7FCD5248F8C72F1695AA05DD1CADE0
+
+I=26
+PT=00000040000000000000000000000000
+CT=9841E555655609A75D7BE20B8A90EF1E
+
+I=27
+PT=00000020000000000000000000000000
+CT=27F9546E6A1B7464780000561783569C
+
+I=28
+PT=00000010000000000000000000000000
+CT=8671D935D7A8354EECB7288803D42D7A
+
+I=29
+PT=00000008000000000000000000000000
+CT=0DA44F508DEBC6F044394624FCEB8EBE
+
+I=30
+PT=00000004000000000000000000000000
+CT=AB137369BE6D93FBB18006BDB236EC09
+
+I=31
+PT=00000002000000000000000000000000
+CT=EB90C4E597A7E1779FFA260886E26F75
+
+I=32
+PT=00000001000000000000000000000000
+CT=618CF3588D5C128EAF252616230E08F7
+
+I=33
+PT=00000000800000000000000000000000
+CT=98DC4DB49D197AB9152D12B9DE2D73CA
+
+I=34
+PT=00000000400000000000000000000000
+CT=5BDDE24B15702A35E1F140C57D206443
+
+I=35
+PT=00000000200000000000000000000000
+CT=CF755809882BED8BA2F9F1A4ED296A2B
+
+I=36
+PT=00000000100000000000000000000000
+CT=F1A8DBB999538AE89D16F92A7F4D1DF1
+
+I=37
+PT=00000000080000000000000000000000
+CT=775222FDDAAECB81CF675C4E0B98179E
+
+I=38
+PT=00000000040000000000000000000000
+CT=12A648CADCD153C760A965826683119A
+
+I=39
+PT=00000000020000000000000000000000
+CT=0503FB10AB241E7CF45D8CDEEE474335
+
+I=40
+PT=00000000010000000000000000000000
+CT=3D299C0070CBBD831B802690B8E7CA24
+
+I=41
+PT=00000000008000000000000000000000
+CT=33105BD4D11D66753DC34D128BEFE3F4
+
+I=42
+PT=00000000004000000000000000000000
+CT=5EFCE2B4B987C0F77D27B44836881682
+
+I=43
+PT=00000000002000000000000000000000
+CT=7835449454128035D7F0EA99E327577B
+
+I=44
+PT=00000000001000000000000000000000
+CT=27BEDDA0601BE35122FB1D272D73AB3E
+
+I=45
+PT=00000000000800000000000000000000
+CT=54C3F99FF48E318CC515EDE75800C4B3
+
+I=46
+PT=00000000000400000000000000000000
+CT=C627C329F8E48299F6FDB23B9DBEA0BB
+
+I=47
+PT=00000000000200000000000000000000
+CT=1B6578F9E23BD8C1845A02431C5F9AA3
+
+I=48
+PT=00000000000100000000000000000000
+CT=6DB2FB8C0B9344D0547C0FF1292020C6
+
+I=49
+PT=00000000000080000000000000000000
+CT=4FAD9B2C37C131493FBEF53581FA4F83
+
+I=50
+PT=00000000000040000000000000000000
+CT=47502A01E93D2C87BD5584F6AFD3D99D
+
+I=51
+PT=00000000000020000000000000000000
+CT=056E1C6F651BFE50271B3B7A18E76D84
+
+I=52
+PT=00000000000010000000000000000000
+CT=5632BAF6627B3D96AD4E06FA6A561F55
+
+I=53
+PT=00000000000008000000000000000000
+CT=E29807CAACDFA2D41A7D9E91FA7FD8EB
+
+I=54
+PT=00000000000004000000000000000000
+CT=81DD44BB5D1822DEE605F9E6FF01D7B3
+
+I=55
+PT=00000000000002000000000000000000
+CT=5C3649925E47D7FF96482A8FBD9666FD
+
+I=56
+PT=00000000000001000000000000000000
+CT=695415A836E66E737887845EC08A1ADB
+
+I=57
+PT=00000000000000800000000000000000
+CT=F5416BCE292D9E2CEA5D1CC70BBAEED1
+
+I=58
+PT=00000000000000400000000000000000
+CT=7AEC4F1388FC29C47F7FED74ADDE8485
+
+I=59
+PT=00000000000000200000000000000000
+CT=82A9F1A6CE08BC4876E649D8A8EA7EB6
+
+I=60
+PT=00000000000000100000000000000000
+CT=B6296C88ADF1A792908B065EEB04BFC2
+
+I=61
+PT=00000000000000080000000000000000
+CT=E766A39AECCA40BDBFBE6FF3FA292913
+
+I=62
+PT=00000000000000040000000000000000
+CT=C6D081454EA00D83C23B5A62C84359E1
+
+I=63
+PT=00000000000000020000000000000000
+CT=85D259A79CCA80484504D1603F7A8F53
+
+I=64
+PT=00000000000000010000000000000000
+CT=D8291FA1C6DC250078824B2D0A20883F
+
+I=65
+PT=00000000000000008000000000000000
+CT=95387CB74C48FFBD1F8D64A6CC45E074
+
+I=66
+PT=00000000000000004000000000000000
+CT=A17F975F538F56CDF629B516011DE837
+
+I=67
+PT=00000000000000002000000000000000
+CT=B50B615A1654C6E1CB6AB33716C097FE
+
+I=68
+PT=00000000000000001000000000000000
+CT=7BBB2CBB874DF6C8B821DA7FB0F9011B
+
+I=69
+PT=00000000000000000800000000000000
+CT=E9EFE074D096A275E47CD2E6206DF6A1
+
+I=70
+PT=00000000000000000400000000000000
+CT=88F2F8D5A836406AE8BBB98C65BBDA55
+
+I=71
+PT=00000000000000000200000000000000
+CT=F64620D8D87585A3EF038B9AD58F5EA0
+
+I=72
+PT=00000000000000000100000000000000
+CT=694438EC141C8ED5F2F898B4554A298F
+
+I=73
+PT=00000000000000000080000000000000
+CT=3E6226EC7726A1EE5F5FA9B18CCE8C44
+
+I=74
+PT=00000000000000000040000000000000
+CT=8AB6949E79911647800B9E87362AB97A
+
+I=75
+PT=00000000000000000020000000000000
+CT=093C5CF24EDAF7F9F1C8A80DE4FF50A9
+
+I=76
+PT=00000000000000000010000000000000
+CT=28A36E50061F19E240351ED0E378CBF4
+
+I=77
+PT=00000000000000000008000000000000
+CT=B93BB36CB88BF26EA79198652AA51D3C
+
+I=78
+PT=00000000000000000004000000000000
+CT=DE4948083D044FAC9BCA6DA8CD67B8A6
+
+I=79
+PT=00000000000000000002000000000000
+CT=6E778B5BDA6CA118117E47470D080D3C
+
+I=80
+PT=00000000000000000001000000000000
+CT=0A9107324DA32B4281D032A3487EF875
+
+I=81
+PT=00000000000000000000800000000000
+CT=18ED5635312D71ABD123CCE779D4D68A
+
+I=82
+PT=00000000000000000000400000000000
+CT=2E3C63F95C4BC1F944BAB06DEDC9AA8E
+
+I=83
+PT=00000000000000000000200000000000
+CT=ACCC869EF07004C8C3C709083BE7BA2F
+
+I=84
+PT=00000000000000000000100000000000
+CT=DF60B34FB1A59147CC1FB049C1578206
+
+I=85
+PT=00000000000000000000080000000000
+CT=4228DC636C08E41021054AA0E1E2227A
+
+I=86
+PT=00000000000000000000040000000000
+CT=7CE27F66EFD735FFD6B3E1738C50495B
+
+I=87
+PT=00000000000000000000020000000000
+CT=F8E74B33A9CDE351DA0BBC06D69093D7
+
+I=88
+PT=00000000000000000000010000000000
+CT=AE0D22A5B37B8DC5D81CC641EED334D0
+
+I=89
+PT=00000000000000000000008000000000
+CT=C181C6CA5E163743458B9167A0B6A16A
+
+I=90
+PT=00000000000000000000004000000000
+CT=5171F4F6095E4B276CFBA1F07223FBE6
+
+I=91
+PT=00000000000000000000002000000000
+CT=2732F4D3A8C9D1D8D493840D6E0B864F
+
+I=92
+PT=00000000000000000000001000000000
+CT=3EF04E0059A061D973532CA5C1DFBE7B
+
+I=93
+PT=00000000000000000000000800000000
+CT=6D9A8F23579E4978EBAA87B5ADEB77E5
+
+I=94
+PT=00000000000000000000000400000000
+CT=BBD08873CC44BA4253C0C41FEEB7F124
+
+I=95
+PT=00000000000000000000000200000000
+CT=72E4B2437CBD283F3809CE686F6A591E
+
+I=96
+PT=00000000000000000000000100000000
+CT=6E5580514B92512B1BF4B1B987B9AA1B
+
+I=97
+PT=00000000000000000000000080000000
+CT=5EF5D0C5BCBDCB604D3A083B68CE0FA3
+
+I=98
+PT=00000000000000000000000040000000
+CT=9D991FDD723AD2182777A15CA0E0F665
+
+I=99
+PT=00000000000000000000000020000000
+CT=24440626EFC8F86BEA7DE78085AB8A22
+
+I=100
+PT=00000000000000000000000010000000
+CT=17C3630D62D13C1E826C0FCCBD74A864
+
+I=101
+PT=00000000000000000000000008000000
+CT=4CF5AB86A56AB134A7FE46CCE3F9FCE9
+
+I=102
+PT=00000000000000000000000004000000
+CT=3E6B9C0388F6D9B8F458F30221907607
+
+I=103
+PT=00000000000000000000000002000000
+CT=AD9C926B8A5CD98EEE88200617E59958
+
+I=104
+PT=00000000000000000000000001000000
+CT=AFF8AED5E075E02AF720CA4BF0028B3B
+
+I=105
+PT=00000000000000000000000000800000
+CT=D90EAFF909202BB209BB3BB8C7F9A954
+
+I=106
+PT=00000000000000000000000000400000
+CT=2C709B00E6A22F00F64A7D8EE341853F
+
+I=107
+PT=00000000000000000000000000200000
+CT=CCEC598F0D9F0BF201B2F487136D54A4
+
+I=108
+PT=00000000000000000000000000100000
+CT=73B2883A0A166AAE1BF14E60A5195FA3
+
+I=109
+PT=00000000000000000000000000080000
+CT=E676867BD9AD5EF915143388496779D7
+
+I=110
+PT=00000000000000000000000000040000
+CT=CDCB73D1BFCFD4BE7F1DAA9B1C6A4055
+
+I=111
+PT=00000000000000000000000000020000
+CT=02A3A5C89DAA24CD2C517F7A73286A89
+
+I=112
+PT=00000000000000000000000000010000
+CT=C0FA2AC9E92EE58C2DD12D6D43AB7035
+
+I=113
+PT=00000000000000000000000000008000
+CT=EDC2CB1F7291353BDBF2385519E6AE16
+
+I=114
+PT=00000000000000000000000000004000
+CT=B4B62D16D197A98CD3B978812B9D9884
+
+I=115
+PT=00000000000000000000000000002000
+CT=5CDFC95A529A905101CEA26BC1B891ED
+
+I=116
+PT=00000000000000000000000000001000
+CT=CC7150CD3650B98363296C7C4ED368D1
+
+I=117
+PT=00000000000000000000000000000800
+CT=CC57706B0C6526B8E25A5DBD32EACBDB
+
+I=118
+PT=00000000000000000000000000000400
+CT=30D30456AD98B182D64C649648F6AEC9
+
+I=119
+PT=00000000000000000000000000000200
+CT=D7E9DA7F631938EB649A08AF82FBD75F
+
+I=120
+PT=00000000000000000000000000000100
+CT=B8DA2AF6600B07895B5D0FFAF4991469
+
+I=121
+PT=00000000000000000000000000000080
+CT=0F6F64F930BA6C178943322B98114599
+
+I=122
+PT=00000000000000000000000000000040
+CT=8B1F247802E47C91BEE2AA34ECFD7A01
+
+I=123
+PT=00000000000000000000000000000020
+CT=7A6985778D3A66E97F23E01F0D0E45E7
+
+I=124
+PT=00000000000000000000000000000010
+CT=BA664AC39855518DFDEE10D1B3111FAE
+
+I=125
+PT=00000000000000000000000000000008
+CT=7C92854D801A1648F65CA81813DDBF83
+
+I=126
+PT=00000000000000000000000000000004
+CT=6A3F25AAB7E92D9CF378E5D9C040F26B
+
+I=127
+PT=00000000000000000000000000000002
+CT=3D4B2CDE666761BA5DFB305178E667FB
+
+I=128
+PT=00000000000000000000000000000001
+CT=9CDB269B5D293BC5DB9C55B057D9B591
+
+==========
Copied: branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-test.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/crypto_tests/camellia-test.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-test.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/crypto_tests/camellia-test.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,142 @@
+/*
+ * lib/crypto/camellia/camellia-test.c
+ *
+ * Copyright (c) 2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Subset of NIST tests for AES as applied to Camellia; specifically, the
+ * variable-key and variable-text tests for 128- and 256-bit keys.
+ */
+
+#include <stdio.h>
+#include "k5-int.h"
+
+static char key[32];
+static char plain[16], cipher[16], zero[16];
+
+static krb5_keyblock enc_key;
+static krb5_data ivec;
+static void init()
+{
+ enc_key.contents = (unsigned char *)key;
+ enc_key.length = 16;
+ ivec.data = zero;
+ ivec.length = 16;
+}
+static void enc()
+{
+ krb5_key k;
+ krb5_crypto_iov iov;
+ krb5_data cdata = make_data(cipher, 16);
+
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ iov.data = make_data(plain, 16);
+ krb5_k_create_key(NULL, &enc_key, &k);
+ /* cbc-mac is the same as block encryption for a single block. */
+ krb5int_camellia_cbc_mac(k, &iov, 1, &ivec, &cdata);
+ krb5_k_free_key(NULL, k);
+}
+
+static void hexdump(const char *label, const char *cp, int len)
+{
+ printf("%s=", label);
+ while (len--) printf("%02X", 0xff & *cp++);
+ printf("\n");
+}
+
+static void set_bit(char *ptr, int bitnum)
+{
+ int bytenum;
+ bytenum = bitnum / 8;
+ bitnum %= 8;
+ /* First bit is the high bit! */
+ ptr[bytenum] = 1 << (7 - bitnum);
+}
+
+/* Variable-Key tests */
+static void vk_test_1(int len)
+{
+ int i;
+
+ enc_key.length = len;
+ printf("\nKEYSIZE=%d\n\n", len * 8);
+ memset(plain, 0, sizeof(plain));
+ hexdump("PT", plain, 16);
+ for (i = 0; i < len * 8; i++) {
+ memset(key, 0, len);
+ set_bit(key, i);
+ printf("\nI=%d\n", i+1);
+ hexdump("KEY", key, len);
+ enc();
+ hexdump("CT", cipher, 16);
+ }
+ printf("\n==========\n");
+}
+static void vk_test()
+{
+ vk_test_1(16);
+ vk_test_1(32);
+}
+
+/* Variable-Text tests */
+static void vt_test_1(int len)
+{
+ int i;
+
+ enc_key.length = len;
+ printf("\nKEYSIZE=%d\n\n", len * 8);
+ memset(key, 0, len);
+ hexdump("KEY", key, len);
+ for (i = 0; i < 16 * 8; i++) {
+ memset(plain, 0, sizeof(plain));
+ set_bit(plain, i);
+ printf("\nI=%d\n", i+1);
+ hexdump("PT", plain, 16);
+ enc();
+ hexdump("CT", cipher, 16);
+ }
+ printf("\n==========\n");
+}
+static void vt_test()
+{
+ vt_test_1(16);
+ vt_test_1(32);
+}
+
+
+int main (int argc, char *argv[])
+{
+ if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
+ fprintf(stderr,
+ "usage:\t%s -k\tfor variable-key tests\n"
+ " or:\t%s \tfor variable-plaintext tests\n",
+ argv[0], argv[0]);
+ return 1;
+ }
+ init();
+ if (argc == 2)
+ vk_test();
+ else
+ vt_test();
+ return 0;
+}
Modified: branches/camellia-ccm/src/lib/crypto/crypto_tests/t_encrypt.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/crypto_tests/t_encrypt.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/crypto_tests/t_encrypt.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -45,6 +45,8 @@
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA256_CCM_128,
0
};
Modified: branches/camellia-ccm/src/lib/crypto/crypto_tests/t_short.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/crypto_tests/t_short.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/crypto_tests/t_short.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -41,6 +41,8 @@
ENCTYPE_ARCFOUR_HMAC_EXP,
ENCTYPE_AES256_CTS_HMAC_SHA1_96,
ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ ENCTYPE_CAMELLIA128_CCM_128,
+ ENCTYPE_CAMELLIA256_CCM_128,
0
};
Modified: branches/camellia-ccm/src/lib/crypto/krb/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -8,6 +8,7 @@
-I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/yarrow \
-I$(srcdir)/../@CRYPTO_IMPL@/ -I$(srcdir)/../@CRYPTO_IMPL@/des \
-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/arcfour \
+ -I$(srcdir)/../@CRYPTO_IMPL@/camellia \
-I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
Modified: branches/camellia-ccm/src/lib/crypto/krb/aead.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/aead.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/aead.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -53,184 +53,6 @@
return iov;
}
-#ifdef DEBUG_IOV
-static void
-dump_block(const char *tag,
- size_t i,
- size_t j,
- unsigned char *block,
- size_t block_size)
-{
- size_t k;
-
- printf("[%s: %d.%d] ", tag, i, j);
-
- for (k = 0; k < block_size; k++)
- printf("%02x ", block[k] & 0xFF);
-
- printf("\n");
-}
-#endif
-
-static int
-process_block_p(const krb5_crypto_iov *data,
- size_t num_data,
- struct iov_block_state *iov_state,
- size_t i)
-{
- const krb5_crypto_iov *iov = &data[i];
- int process_block;
-
- switch (iov->flags) {
- case KRB5_CRYPTO_TYPE_SIGN_ONLY:
- process_block = iov_state->include_sign_only;
- break;
- case KRB5_CRYPTO_TYPE_PADDING:
- process_block = (iov_state->pad_to_boundary == 0);
- break;
- case KRB5_CRYPTO_TYPE_HEADER:
- process_block = (iov_state->ignore_header == 0);
- break;
- case KRB5_CRYPTO_TYPE_DATA:
- process_block = 1;
- break;
- default:
- process_block = 0;
- break;
- }
-
- return process_block;
-}
-
-/*
- * Returns TRUE if, having reached the end of the current buffer,
- * we should pad the rest of the block with zeros.
- */
-static int
-pad_to_boundary_p(const krb5_crypto_iov *data,
- size_t num_data,
- struct iov_block_state *iov_state,
- size_t i,
- size_t j)
-{
- /* If the pad_to_boundary flag is unset, return FALSE */
- if (iov_state->pad_to_boundary == 0)
- return 0;
-
- /* If we haven't got any data, we need to get some */
- if (j == 0)
- return 0;
-
- /* No boundary between adjacent buffers marked for processing */
- if (data[iov_state->iov_pos].flags == data[i].flags)
- return 0;
-
- return 1;
-}
-
-krb5_boolean
-krb5int_c_iov_get_block(unsigned char *block,
- size_t block_size,
- const krb5_crypto_iov *data,
- size_t num_data,
- struct iov_block_state *iov_state)
-{
- size_t i, j = 0;
-
- for (i = iov_state->iov_pos; i < num_data; i++) {
- const krb5_crypto_iov *iov = &data[i];
- size_t nbytes;
-
- if (!process_block_p(data, num_data, iov_state, i))
- continue;
-
- if (pad_to_boundary_p(data, num_data, iov_state, i, j))
- break;
-
- iov_state->iov_pos = i;
-
- nbytes = iov->data.length - iov_state->data_pos;
- if (nbytes > block_size - j)
- nbytes = block_size - j;
-
- memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes);
-
- iov_state->data_pos += nbytes;
- j += nbytes;
-
- assert(j <= block_size);
-
- if (j == block_size)
- break;
-
- assert(iov_state->data_pos == iov->data.length);
-
- iov_state->data_pos = 0;
- }
-
- iov_state->iov_pos = i;
- if (i == num_data)
- return FALSE;
-
- if (j != block_size)
- memset(block + j, 0, block_size - j);
-
-#ifdef DEBUG_IOV
- dump_block("get_block", i, j, block, block_size);
-#endif
-
- return TRUE;
-}
-
-krb5_boolean
-krb5int_c_iov_put_block(const krb5_crypto_iov *data,
- size_t num_data,
- unsigned char *block,
- size_t block_size,
- struct iov_block_state *iov_state)
-{
- size_t i, j = 0;
-
- for (i = iov_state->iov_pos; i < num_data; i++) {
- const krb5_crypto_iov *iov = &data[i];
- size_t nbytes;
-
- if (!process_block_p(data, num_data, iov_state, i))
- continue;
-
- if (pad_to_boundary_p(data, num_data, iov_state, i, j))
- break;
-
- iov_state->iov_pos = i;
-
- nbytes = iov->data.length - iov_state->data_pos;
- if (nbytes > block_size - j)
- nbytes = block_size - j;
-
- memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes);
-
- iov_state->data_pos += nbytes;
- j += nbytes;
-
- assert(j <= block_size);
-
- if (j == block_size)
- break;
-
- assert(iov_state->data_pos == iov->data.length);
-
- iov_state->data_pos = 0;
- }
-
- iov_state->iov_pos = i;
-
-#ifdef DEBUG_IOV
- dump_block("put_block", i, j, block, block_size);
-#endif
-
- return (iov_state->iov_pos < num_data);
-}
-
krb5_error_code
krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage keyusage, const krb5_data *ivec,
Modified: branches/camellia-ccm/src/lib/crypto/krb/aead.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/aead.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/aead.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -60,20 +60,6 @@
(_state)->include_sign_only = \
(_state)->pad_to_boundary = 0)
-krb5_boolean
-krb5int_c_iov_get_block(unsigned char *block,
- size_t block_size,
- const krb5_crypto_iov *data,
- size_t num_data,
- struct iov_block_state *iov_state);
-
-krb5_boolean
-krb5int_c_iov_put_block(const krb5_crypto_iov *data,
- size_t num_data,
- unsigned char *block,
- size_t block_size,
- struct iov_block_state *iov_state);
-
krb5_error_code
krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage keyusage, const krb5_data *ivec,
@@ -82,48 +68,247 @@
unsigned int
krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length);
+#ifdef DEBUG_IOV
+static inline void
+dump_block(const char *tag,
+ size_t i,
+ size_t j,
+ unsigned char *block,
+ size_t block_size)
+{
+ size_t k;
+
+ printf("[%s: %lu.%lu] ", tag, i, j);
+
+ for (k = 0; k < block_size; k++)
+ printf("%02x ", block[k] & 0xFF);
+
+ printf("\n");
+}
+#endif
+
+static inline int
+process_block_p(const krb5_crypto_iov *data,
+ size_t num_data,
+ struct iov_block_state *iov_state,
+ size_t i)
+{
+ const krb5_crypto_iov *iov = &data[i];
+ int process_block;
+
+ switch (iov->flags) {
+ case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+ process_block = iov_state->include_sign_only;
+ break;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ process_block = (iov_state->pad_to_boundary == 0);
+ break;
+ case KRB5_CRYPTO_TYPE_HEADER:
+ process_block = (iov_state->ignore_header == 0);
+ break;
+ case KRB5_CRYPTO_TYPE_DATA:
+ process_block = 1;
+ break;
+ default:
+ process_block = 0;
+ break;
+ }
+
+ return process_block;
+}
+
/*
- * Returns an alias into the current buffer if the next block is fully
- * contained within; otherwise makes a copy of the next block and returns an
- * alias to storage. After calling this function, encrypt the returned block
- * in place and then call iov_store_block (with a separate output cursor) to
- * store the result back into the iov if necessary. Returns NULL if there
- * is no next block.
+ * Returns TRUE if, having reached the end of the current buffer,
+ * we should pad the rest of the block with zeros.
*/
-static inline unsigned char *
-iov_next_block(unsigned char *storage, size_t len,
- const krb5_crypto_iov *data, size_t num_data,
- struct iov_block_state *pos)
+static inline int
+pad_to_boundary_p(const krb5_crypto_iov *data,
+ size_t num_data,
+ struct iov_block_state *iov_state,
+ size_t i,
+ size_t j)
{
- const krb5_crypto_iov *iov = &data[pos->iov_pos];
- unsigned char *block;
+ /* If the pad_to_boundary flag is unset, return FALSE */
+ if (iov_state->pad_to_boundary == 0)
+ return 0;
- if (pos->iov_pos < num_data && iov->data.length - pos->data_pos >= len) {
- /* Return an alias to memory inside the current iov. */
- block = (unsigned char *) iov->data.data + pos->data_pos;
- pos->data_pos += len;
- return block;
+ /* If we haven't got any data, we need to get some */
+ if (j == 0)
+ return 0;
+
+ /* No boundary between adjacent buffers marked for processing */
+ if (data[iov_state->iov_pos].flags == data[i].flags)
+ return 0;
+
+ return 1;
+}
+
+/*
+ * Retrieve a block from the IOV. If p is non-NULL and the next block is
+ * completely contained within the current buffer, then *p will contain an
+ * alias into the buffer; otherwise, a copy will be made into storage.
+ *
+ * After calling this function, encrypt the returned block and then call
+ * krb5int_c_iov_put_block_nocopy() (with a separate output cursor). If
+ * p was non-NULL on the call to get_block(), then pass that pointer in.
+ */
+static inline krb5_boolean
+krb5int_c_iov_get_block_nocopy(unsigned char *storage,
+ size_t block_size,
+ const krb5_crypto_iov *data,
+ size_t num_data,
+ struct iov_block_state *iov_state,
+ unsigned char **p)
+{
+ size_t i, j = 0;
+
+ if (p != NULL)
+ *p = storage;
+
+ for (i = iov_state->iov_pos; i < num_data; i++) {
+ const krb5_crypto_iov *iov = &data[i];
+ size_t nbytes;
+
+ if (!process_block_p(data, num_data, iov_state, i))
+ continue;
+
+ if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+ break;
+
+ iov_state->iov_pos = i;
+
+ nbytes = iov->data.length - iov_state->data_pos;
+ if (nbytes > block_size - j)
+ nbytes = block_size - j;
+
+ /*
+ * If we can return a pointer into a complete block, then do so.
+ */
+ if (p != NULL && j == 0 && nbytes == block_size) {
+ *p = (unsigned char *)iov->data.data + iov_state->data_pos;
+ } else {
+ memcpy(storage + j, iov->data.data + iov_state->data_pos, nbytes);
+ }
+
+ iov_state->data_pos += nbytes;
+ j += nbytes;
+
+ assert(j <= block_size);
+
+ if (j == block_size)
+ break;
+
+ assert(iov_state->data_pos == iov->data.length);
+
+ iov_state->data_pos = 0;
}
- /* Do it the slow way and return a copy into storage. */
- if (krb5int_c_iov_get_block(storage, len, data, num_data, pos))
- return storage;
- return NULL;
+
+ iov_state->iov_pos = i;
+
+ if (j == 0)
+ return FALSE;
+ else if (j != block_size)
+ memset(storage + j, 0, block_size - j);
+
+#ifdef DEBUG_IOV
+ dump_block("get_block", i, j, (p && *p) ? *p : storage, block_size);
+#endif
+
+ return TRUE;
}
/*
- * Store a block retrieved with iov_next_block if necessary, and advance the
- * output cursor.
+ * Store a block retrieved with krb5int_c_iov_get_block_no_copy if
+ * necessary, and advance the output cursor.
*/
-static inline void
-iov_store_block(const krb5_crypto_iov *data, size_t num_data,
- unsigned char *block, unsigned char *storage, size_t len,
- struct iov_block_state *pos)
+static inline krb5_boolean
+krb5int_c_iov_put_block_nocopy(const krb5_crypto_iov *data,
+ size_t num_data,
+ unsigned char *storage,
+ size_t block_size,
+ struct iov_block_state *iov_state,
+ unsigned char *p)
{
- if (block == storage) {
- /* We got the block the slow way; put it back that way too. */
- krb5int_c_iov_put_block(data, num_data, storage, len, pos);
- } else {
- /* It's already stored; we just have to advance the output cursor. */
- pos->data_pos += len;
+ size_t i, j = 0;
+
+ assert(p != NULL);
+
+ for (i = iov_state->iov_pos; i < num_data; i++) {
+ const krb5_crypto_iov *iov = &data[i];
+ size_t nbytes;
+
+ if (!process_block_p(data, num_data, iov_state, i))
+ continue;
+
+ if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+ break;
+
+ iov_state->iov_pos = i;
+
+ nbytes = iov->data.length - iov_state->data_pos;
+ if (nbytes > block_size - j)
+ nbytes = block_size - j;
+
+ /*
+ * If we had previously returned a pointer into a complete block,
+ * then no action is required.
+ */
+ if (p == storage) {
+ memcpy(iov->data.data + iov_state->data_pos, storage + j, nbytes);
+ } else {
+ /* Validate we correctly paired with a call to get_block_nocopy() */
+ assert(j == 0);
+ assert(nbytes == 0 || nbytes == block_size);
+ }
+
+ iov_state->data_pos += nbytes;
+ j += nbytes;
+
+ assert(j <= block_size);
+
+ if (j == block_size)
+ break;
+
+ assert(iov_state->data_pos == iov->data.length);
+
+ iov_state->data_pos = 0;
}
+
+ iov_state->iov_pos = i;
+
+#ifdef DEBUG_IOV
+ dump_block("put_block", i, j, p, block_size);
+#endif
+
+ return (iov_state->iov_pos < num_data);
}
+
+/*
+ * A wrapper for krb5int_c_iov_get_block_nocopy() that always makes
+ * a copy.
+ */
+static inline krb5_boolean
+krb5int_c_iov_get_block(unsigned char *block,
+ size_t block_size,
+ const krb5_crypto_iov *data,
+ size_t num_data,
+ struct iov_block_state *iov_state)
+{
+ return krb5int_c_iov_get_block_nocopy(block, block_size, data, num_data,
+ iov_state, NULL);
+}
+
+/*
+ * A wrapper for krb5int_c_iov_put_block_nocopy() that always copies
+ * the block.
+ */
+static inline krb5_boolean
+krb5int_c_iov_put_block(const krb5_crypto_iov *data,
+ size_t num_data,
+ unsigned char *block,
+ size_t block_size,
+ struct iov_block_state *iov_state)
+{
+ return krb5int_c_iov_put_block_nocopy(data, num_data, block, block_size,
+ iov_state, block);
+}
Modified: branches/camellia-ccm/src/lib/crypto/krb/checksum/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/checksum/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/checksum/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -10,12 +10,14 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-STLIBOBJS= cbc.o confounder.o hmac_md5.o unkeyed.o
+STLIBOBJS= cbc.o cmac.o confounder.o hmac_md5.o unkeyed.o
-OBJS= $(OUTPRE)cbc.$(OBJEXT) $(OUTPRE)confounder.$(OBJEXT) \
- $(OUTPRE)hmac_md5.$(OBJEXT) $(OUTPRE)unkeyed.$(OBJEXT)
+OBJS= $(OUTPRE)cbc.$(OBJEXT) $(OUTPRE)cmac.$(OBJECT) \
+ $(OUTPRE)confounder.$(OBJEXT) $(OUTPRE)hmac_md5.$(OBJEXT) \
+ $(OUTPRE)unkeyed.$(OBJEXT)
-SRCS= $(srcdir)/cbc.c $(srcdir)/confounder.c $(srcdir)/hmac_md5.c \
+SRCS= $(srcdir)/cbc.c $(srcdir)/cmac.c \
+ $(srcdir)/confounder.c $(srcdir)/hmac_md5.c \
$(srcdir)/unkeyed.c
##DOS##LIBOBJS = $(OBJS)
Copied: branches/camellia-ccm/src/lib/crypto/krb/checksum/cmac.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/checksum/cmac.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/checksum/cmac.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/checksum/cmac.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,226 @@
+/*
+ * lib/crypto/krb/checksum/cmac.c
+ *
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+/*
+ * Portions Copyright (C) The Internet Society (2006).
+ *
+ * This document is subject to the rights, licenses and restrictions
+ * contained in BCP 78, and except as set forth therein, the authors
+ * retain all their rights.
+ *
+ * This document and the information contained herein are provided on an
+ * "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ * OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ * ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ * INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ * WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+#include "aead.h"
+#include "etypes.h"
+#include "cksumtypes.h"
+
+#define BLOCK_SIZE 16
+
+static unsigned char const_Rb[BLOCK_SIZE] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87
+};
+
+static void
+xor_128(unsigned char *a, unsigned char *b, unsigned char *out)
+{
+ int z;
+
+ for (z = 0; z < BLOCK_SIZE / 4; z++) {
+ unsigned char *aptr = &a[z * 4];
+ unsigned char *bptr = &b[z * 4];
+ unsigned char *outptr = &out[z * 4];
+
+ store_32_n(load_32_n(aptr) ^ load_32_n(bptr), outptr);
+ }
+}
+
+static void
+leftshift_onebit(unsigned char *input, unsigned char *output)
+{
+ int i;
+ unsigned char overflow = 0;
+
+ for (i = BLOCK_SIZE - 1; i >= 0; i--) {
+ output[i] = input[i] << 1;
+ output[i] |= overflow;
+ overflow = (input[i] & 0x80) ? 1 : 0;
+ }
+}
+
+static krb5_error_code
+generate_subkey(const struct krb5_enc_provider *enc,
+ krb5_key key,
+ unsigned char *K1,
+ unsigned char *K2)
+{
+ unsigned char Z[BLOCK_SIZE];
+ unsigned char L[BLOCK_SIZE];
+ unsigned char tmp[BLOCK_SIZE];
+ krb5_crypto_iov iov[1];
+ krb5_data d;
+ krb5_error_code ret;
+
+ memset(Z, 0, sizeof(Z));
+ iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[0].data = make_data((char *)Z, sizeof(Z));
+
+ d = make_data((char *)L, BLOCK_SIZE);
+
+ ret = enc->cbc_mac(key, iov, 1, NULL, &d);
+ if (ret != 0)
+ return ret;
+
+ if ((L[0] & 0x80) == 0) {
+ leftshift_onebit(L, K1);
+ } else {
+ leftshift_onebit(L, tmp);
+ xor_128(tmp, const_Rb, K1);
+ }
+
+ if ((K1[0] & 0x80) == 0) {
+ leftshift_onebit(K1, K2);
+ } else {
+ leftshift_onebit(K1, tmp);
+ xor_128(tmp, const_Rb, K2);
+ }
+
+ return 0;
+}
+
+static void
+padding(unsigned char *lastb, unsigned char *pad, int length)
+{
+ int j;
+
+ /* original last block */
+ for (j = 0; j < BLOCK_SIZE; j++) {
+ if (j < length) {
+ pad[j] = lastb[j];
+ } else if (j == length) {
+ pad[j] = 0x80;
+ } else {
+ pad[j] = 0x00;
+ }
+ }
+}
+
+/*
+ * Implementation of CMAC algorithm. When used with AES, this function
+ * is compatible with RFC 4493.
+ */
+krb5_error_code
+krb5int_cmac_checksum(const struct krb5_enc_provider *enc, krb5_key key,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ unsigned char Y[BLOCK_SIZE], M_last[BLOCK_SIZE], padded[BLOCK_SIZE];
+ unsigned char K1[BLOCK_SIZE], K2[BLOCK_SIZE];
+ unsigned char input[BLOCK_SIZE];
+ unsigned int n, i, flag;
+ krb5_error_code ret;
+ struct iov_block_state iov_state;
+ unsigned int length;
+ krb5_data ivec;
+ krb5_crypto_iov iov[1];
+ krb5_data d;
+
+ assert(enc->cbc_mac != NULL);
+
+ if (enc->block_size != BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ for (i = 0, length = 0; i < num_data; i++) {
+ const krb5_crypto_iov *piov = &data[i];
+
+ if (SIGN_IOV(piov))
+ length += piov->data.length;
+ }
+
+ ret = generate_subkey(enc, key, K1, K2);
+ if (ret != 0)
+ return ret;
+
+ n = (length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+ if (n == 0) {
+ n = 1;
+ flag = 0;
+ } else {
+ flag = ((length % BLOCK_SIZE) == 0);
+ }
+
+ iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[0].data = make_data((char *)input, BLOCK_SIZE);
+
+ memset(Y, 0, BLOCK_SIZE);
+
+ ivec = make_data((char *)Y, BLOCK_SIZE);
+ d = make_data((char *)Y, BLOCK_SIZE);
+
+ IOV_BLOCK_STATE_INIT(&iov_state);
+ iov_state.include_sign_only = 1;
+
+ for (i = 0; i < n - 1; i++) {
+ krb5int_c_iov_get_block(input, BLOCK_SIZE, data, num_data, &iov_state);
+
+ ret = enc->cbc_mac(key, iov, 1, &ivec, &d);
+ if (ret != 0)
+ return ret;
+ }
+
+ krb5int_c_iov_get_block(input, BLOCK_SIZE, data, num_data, &iov_state);
+
+ if (flag) {
+ /* last block is complete block */
+ xor_128(input, K1, M_last);
+ } else {
+ padding(input, padded, length % BLOCK_SIZE);
+ xor_128(padded, K2, M_last);
+ }
+
+ iov[0].data = make_data((char *)M_last, BLOCK_SIZE);
+
+ ret = enc->cbc_mac(key, iov, 1, &ivec, &d);
+ if (ret != 0)
+ return ret;
+
+ assert(output->length >= d.length);
+
+ output->length = d.length;
+ memcpy(output->data, d.data, d.length);
+
+ return 0;
+}
+
Modified: branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -104,6 +104,18 @@
NULL, &krb5int_hash_md5,
krb5int_hmacmd5_checksum, NULL,
16, 16, 0 },
+
+ { CKSUMTYPE_CMAC_128_CAMELLIA128,
+ "cmac-128-camellia128", { 0 }, "CMAC Camellia128 key",
+ &krb5int_enc_camellia128_ctr, NULL,
+ krb5int_dk_cmac_checksum, NULL,
+ 16, 16, 0 },
+
+ { CKSUMTYPE_CMAC_128_CAMELLIA256,
+ "cmac-128-camellia256", { 0 }, "CMAC Camellia256 key",
+ &krb5int_enc_camellia256_ctr, NULL,
+ krb5int_dk_cmac_checksum, NULL,
+ 16, 16, 0 },
};
const size_t krb5int_cksumtypes_length =
Modified: branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/cksumtypes.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -97,6 +97,12 @@
size_t num_data,
krb5_data *output);
+krb5_error_code krb5int_cmac_checksum(const struct krb5_enc_provider *enc,
+ krb5_key key,
+ const krb5_crypto_iov *data,
+ size_t num_data,
+ krb5_data *output);
+
krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
krb5_key key, krb5_keyusage usage,
const krb5_crypto_iov *data,
Modified: branches/camellia-ccm/src/lib/crypto/krb/dk/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -11,20 +11,26 @@
PROG_RPATH=$(KRB5_LIBDIR)
STLIBOBJS=\
- checksum.o \
+ checksum_hmac.o \
+ checksum_cmac.o \
dk_aead.o \
+ dk_ccm.o \
derive.o \
stringtokey.o
OBJS=\
- $(OUTPRE)checksum.$(OBJEXT) \
+ $(OUTPRE)checksum_hmac.$(OBJEXT)\
+ $(OUTPRE)checksum_cmac.$(OBJEXT)\
$(OUTPRE)dk_aead.$(OBJEXT) \
+ $(OUTPRE)dk_ccm.$(OBJEXT) \
$(OUTPRE)derive.$(OBJEXT) \
$(OUTPRE)stringtokey.$(OBJEXT)
SRCS=\
- $(srcdir)/checksum.c \
+ $(srcdir)/checksum_hmac.c \
+ $(srcdir)/checksum_cmac.c \
$(srcdir)/dk_aead.c \
+ $(srcdir)/dk_ccm.c \
$(srcdir)/derive.c \
$(srcdir)/stringtokey.c
Copied: branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_cmac.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/dk/checksum_cmac.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_cmac.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_cmac.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,74 @@
+/*
+ * lib/crypto/krb/dk/checksum_cmac.c
+ *
+ * Copyright 2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+#include "dk.h"
+#include "aead.h"
+#include "cksumtypes.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+krb5_error_code
+krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ const struct krb5_keytypes *ktp;
+ const struct krb5_enc_provider *enc;
+ krb5_error_code ret;
+ unsigned char constantdata[K5CLENGTH];
+ krb5_data datain;
+ krb5_key kc;
+
+ /* Use the key's enctype (more flexible than setting an enctype in ctp). */
+ ktp = find_enctype(key->keyblock.enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
+ if (key->keyblock.length != enc->keylength)
+ return KRB5_BAD_KEYSIZE;
+ if (ctp->compute_size != enc->block_size)
+ return KRB5_BAD_MSIZE;
+
+ /* Derive the key. */
+ datain = make_data(constantdata, K5CLENGTH);
+ store_32_be(usage, constantdata);
+ constantdata[4] = (char) 0x99;
+ ret = krb5int_derive_key(enc, key, &kc, &datain);
+ if (ret != 0)
+ return ret;
+
+ /* Hash the data. */
+ ret = krb5int_cmac_checksum(enc, kc, data, num_data, output);
+ if (ret != 0)
+ memset(output->data, 0, output->length);
+
+ krb5_k_free_key(NULL, kc);
+ return ret;
+}
+
Copied: branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_hmac.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/dk/checksum_hmac.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_hmac.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/checksum_hmac.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,72 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * Copyright (C) 1998 by the FundsXpress, INC.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require
+ * a specific license from the United States Government. It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of FundsXpress. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. FundsXpress makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#include "k5-int.h"
+#include "etypes.h"
+#include "dk.h"
+#include "cksumtypes.h"
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+krb5_error_code
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output)
+{
+ const struct krb5_keytypes *ktp;
+ const struct krb5_enc_provider *enc;
+ krb5_error_code ret;
+ unsigned char constantdata[K5CLENGTH];
+ krb5_data datain;
+ krb5_key kc;
+
+ /* Use the key's enctype (more flexible than setting an enctype in ctp). */
+ ktp = find_enctype(key->keyblock.enctype);
+ if (ktp == NULL)
+ return KRB5_BAD_ENCTYPE;
+ enc = ktp->enc;
+ if (key->keyblock.length != enc->keylength)
+ return KRB5_BAD_KEYSIZE;
+
+ /* Derive the key. */
+ datain = make_data(constantdata, K5CLENGTH);
+ store_32_be(usage, constantdata);
+ constantdata[4] = (char) 0x99;
+ ret = krb5int_derive_key(enc, key, &kc, &datain);
+ if (ret)
+ return ret;
+
+ /* Hash the data. */
+ ret = krb5int_hmac(ctp->hash, kc, data, num_data, output);
+ if (ret)
+ memset(output->data, 0, output->length);
+
+ krb5_k_free_key(NULL, kc);
+ return ret;
+}
+
Modified: branches/camellia-ccm/src/lib/crypto/krb/dk/derive.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/derive.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/derive.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -79,8 +79,8 @@
return ENOMEM;
}
-krb5_error_code
-krb5int_derive_random(const struct krb5_enc_provider *enc,
+static krb5_error_code
+derive_random_rfc3961(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant)
{
@@ -131,6 +131,88 @@
}
/*
+ * NIST SP800-108 KDF in feedback mode with CMAC as PRF
+ */
+static krb5_error_code
+derive_random_sp800_cmac(const struct krb5_enc_provider *enc,
+ krb5_key inkey, krb5_data *outrnd,
+ const krb5_data *in_constant)
+{
+ size_t blocksize, keybytes, n;
+ krb5_crypto_iov iov[6];
+ krb5_error_code ret;
+ krb5_data prf;
+ unsigned int i;
+ unsigned char ibuf[4], Lbuf[4];
+
+ blocksize = enc->block_size;
+ keybytes = enc->keybytes;
+
+ if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
+ return KRB5_CRYPTO_INTERNAL;
+
+ /* Allocate encryption data buffer. */
+ ret = alloc_data(&prf, blocksize);
+ if (ret)
+ return ret;
+
+ /* K(i-1) */
+ iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[0].data = prf;
+ /* [i]2 */
+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[1].data = make_data(ibuf, sizeof(ibuf));
+ /* Label */
+ iov[2].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[2].data = *in_constant;
+ /* 0x00 */
+ iov[3].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[3].data = make_data("", 1);
+ /* Context */
+ iov[4].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[4].data = empty_data();
+ /* [L]2 */
+ iov[5].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[5].data = make_data(Lbuf, sizeof(Lbuf));
+ store_32_be(outrnd->length, Lbuf);
+
+ for (i = 1, n = 0; n < keybytes; i++) {
+ store_32_be(i, ibuf);
+
+ ret = krb5int_cmac_checksum(enc, inkey, iov, 6, &prf);
+ if (ret)
+ goto cleanup;
+
+ if (keybytes - n <= blocksize) {
+ memcpy(outrnd->data + n, prf.data, keybytes - n);
+ break;
+ }
+
+ memcpy(outrnd->data + n, prf.data, blocksize);
+ n += blocksize;
+ }
+
+cleanup:
+ zapfree(prf.data, blocksize);
+ return ret;
+}
+
+krb5_error_code
+krb5int_derive_random(const struct krb5_enc_provider *enc,
+ krb5_key inkey, krb5_data *outrnd,
+ const krb5_data *in_constant)
+{
+ krb5_error_code ret;
+
+ if (enc->cbc_mac)
+ ret = derive_random_sp800_cmac(enc, inkey, outrnd, in_constant);
+ else
+ ret = derive_random_rfc3961(enc, inkey, outrnd, in_constant);
+
+ return ret;
+}
+
+/*
* Compute a derived key into the keyblock outkey. This variation on
* krb5int_derive_key does not cache the result, as it is only used
* directly in situations which are not expected to be repeated with
Modified: branches/camellia-ccm/src/lib/crypto/krb/dk/dk.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/dk.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/dk.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -37,6 +37,10 @@
krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
krb5_cryptotype type);
+unsigned int
+krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type);
+
krb5_error_code
krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
@@ -58,6 +62,13 @@
const krb5_data *params, krb5_keyblock *key);
krb5_error_code
+krb5int_peppered_string_to_key(const struct krb5_keytypes *enc,
+ const krb5_data *string, const krb5_data *salt,
+ const krb5_data *params, krb5_keyblock *key);
+
+#define krb5int_camellia_ccm_string_to_key krb5int_peppered_string_to_key
+
+krb5_error_code
krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
krb5_key inkey,
krb5_keyblock *outkey,
@@ -79,3 +90,29 @@
krb5int_derive_random(const struct krb5_enc_provider *enc,
krb5_key inkey, krb5_data *outrnd,
const krb5_data *in_constant);
+
+unsigned int
+krb5int_dk_ccm_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type);
+
+krb5_error_code
+krb5int_dk_ccm_encrypt(const struct krb5_keytypes *ktp,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code
+krb5int_dk_ccm_decrypt(const struct krb5_keytypes *ktp,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data);
+
+krb5_error_code
+krb5int_dk_cmac_checksum(const struct krb5_cksumtypes *ctp,
+ krb5_key key, krb5_keyusage usage,
+ const krb5_crypto_iov *data, size_t num_data,
+ krb5_data *output);
Modified: branches/camellia-ccm/src/lib/crypto/krb/dk/dk_aead.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/dk_aead.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/dk_aead.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -68,6 +68,24 @@
}
}
+unsigned int
+krb5int_camellia_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type)
+{
+ switch (type) {
+ case KRB5_CRYPTO_TYPE_HEADER:
+ return ktp->enc->block_size;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ return 0;
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ case KRB5_CRYPTO_TYPE_CHECKSUM:
+ return 96 / 8;
+ default:
+ assert(0 && "invalid cryptotype passed to krb5int_camellia_crypto_length");
+ return 0;
+ }
+}
+
krb5_error_code
krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
krb5_keyusage usage, const krb5_data *ivec,
Copied: branches/camellia-ccm/src/lib/crypto/krb/dk/dk_ccm.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/dk/dk_ccm.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/dk_ccm.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/dk_ccm.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,600 @@
+/*
+ * lib/crypto/krb/dk/dk_ccm.c
+ *
+ * Copyright 2008-2010 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "dk.h"
+#include "aead.h"
+
+/*
+ * Implement AEAD_AES_{128,256}_CCM as described in section 5.3 of RFC 5116.
+ *
+ * This is the CCM mode as described in NIST 800-38C, with a 12 byte nonce
+ * and 16 byte checksum. Multiple buffers of the same type are logically
+ * concatenated.
+ *
+ * The IOV should be laid out as follows:
+ *
+ * HEADER | SIGN_DATA | DATA | PADDING | TRAILER
+ *
+ * SIGN_DATA and PADDING may be absent.
+ *
+ * Upon decryption, one can pass in explicit buffers as for encryption, or
+ * one can pass in STREAM, being the concatenation of HEADER | DATA | TRAILER.
+ *
+ * STREAM | SIGN_DATA | DATA
+ *
+ * Upon output, DATA will contain a pointer into the STREAM buffer with the
+ * decrypted payload. SIGN_DATA should be ordered relative to the output DATA
+ * buffer as it was upon encryption.
+ *
+ * For compatibility with RFC 5116, a single key is used both for encryption
+ * and checksumming. The key derivation function is as follows:
+ *
+ * Kc = DK(base-key, usage | 0xCC)
+ *
+ * Again as required by the CCM specification, SIGN_DATA is processed before
+ * DATA for the purpose of checksumming.
+ *
+ * Because the base keys are compatible with RFC 3962, the two encryption
+ * types defined here (ENCTYPE_AES128_CCM_128 and ENCTYPE_AES256_CCM_128)
+ * are most useful in conjunction with RFC 4537.
+ */
+
+#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
+
+#define CCM_FLAG_MASK_Q 0x07
+#define CCM_FLAG_MASK_T 0x38
+#define CCM_FLAG_ADATA 0x40
+#define CCM_FLAG_RESERVED 0x80
+
+unsigned int
+krb5int_dk_ccm_crypto_length(const struct krb5_keytypes *ktp,
+ krb5_cryptotype type)
+{
+ unsigned int length;
+
+ switch (type) {
+ case KRB5_CRYPTO_TYPE_HEADER:
+ length = 12; /* RFC 5116 5.3 */
+ break;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ length = 0; /* CTR mode requires no padding */
+ break;
+ case KRB5_CRYPTO_TYPE_TRAILER:
+ case KRB5_CRYPTO_TYPE_CHECKSUM:
+ length = ktp->enc->block_size;
+ break;
+ default:
+ assert(0 && "invalid cryptotype passed to ccm_crypto_length");
+ length = ~0;
+ break;
+ }
+
+ return length;
+}
+
+static krb5_error_code
+encode_a_len(krb5_data *a, krb5_ui_8 adata_len)
+{
+ size_t len;
+ unsigned char *p;
+
+ if (adata_len > (1LL << 32))
+ len = 10;
+ else if (adata_len > (1LL << 16) - (1LL << 8))
+ len = 6;
+ else if (adata_len)
+ len = 2;
+ else
+ len = 0;
+
+ if (a->length < len)
+ return KRB5_BAD_MSIZE;
+
+ p = (unsigned char *)a->data;
+
+ switch (len) {
+ case 2:
+ p[0] = (adata_len >> 8) & 0xFF;
+ p[1] = (adata_len ) & 0xFF;
+ break;
+ case 6:
+ p[0] = 0xFF;
+ p[1] = 0xFE;
+ p[2] = (adata_len >> 24) & 0xFF;
+ p[3] = (adata_len >> 16) & 0xFF;
+ p[4] = (adata_len >> 8 ) & 0xFF;
+ p[5] = (adata_len ) & 0xFF;
+ break;
+ case 10:
+ p[0] = 0xFF;
+ p[1] = 0xFF;
+ p[2] = (adata_len >> 56) & 0xFF;
+ p[3] = (adata_len >> 48) & 0xFF;
+ p[4] = (adata_len >> 40) & 0xFF;
+ p[5] = (adata_len >> 32) & 0xFF;
+ p[6] = (adata_len >> 24) & 0xFF;
+ p[7] = (adata_len >> 16) & 0xFF;
+ p[8] = (adata_len >> 8 ) & 0xFF;
+ p[9] = (adata_len ) & 0xFF;
+ break;
+ }
+
+ a->length = len;
+
+ return 0;
+}
+
+/*
+ * format_B0() allows the tradeoff between nonce and payload length to
+ * be parameterized by replacing the crypto_length() callback
+ */
+static krb5_error_code
+format_B0(krb5_data *B0, /* B0 */
+ krb5_data *nonce, /* N */
+ size_t trailer_len, /* t */
+ krb5_ui_8 adata_len, /* a */
+ krb5_ui_8 payload_len) /* Q */
+{
+ unsigned char flags;
+ unsigned char *p;
+ krb5_octet q, i = 0;
+
+ if (B0->length != 16)
+ return KRB5_BAD_MSIZE;
+
+ /* SP800-38C A.1: Length Requirements */
+
+ /* t is an elements of {4, 6, 8, 10, 12, 14, 16} */
+ if (trailer_len % 2 ||
+ (trailer_len < 4 || trailer_len > 16))
+ return KRB5_BAD_MSIZE;
+
+ /* n is an element of {7, 8, 9, 10, 11, 12, 13} */
+ if (nonce->length < 7 || nonce->length > 13)
+ return KRB5_BAD_MSIZE;
+
+ q = 15 - nonce->length;
+
+ /* P consists of fewer than 2^(8q) octets */
+ if (payload_len >= (1UL << (8 * q)))
+ return KRB5_BAD_MSIZE;
+
+ /* SP800-38C A.1: Formatting of the Control Information and the Nonce */
+ flags = q - 1;
+ flags |= (((trailer_len - 2) / 2) << 3);
+ if (adata_len != 0)
+ flags |= CCM_FLAG_ADATA;
+
+ p = (unsigned char *)B0->data;
+ p[i++] = flags;
+
+ memcpy(&p[i], nonce->data, nonce->length);
+ i += nonce->length;
+
+ for (; i < B0->length; i++) {
+ register krb5_octet s;
+
+ s = (q - (i - nonce->length)) * 8;
+
+ p[i] = (payload_len >> s) & 0xFF;
+ }
+
+ return 0;
+}
+
+/*
+ * Format initial counter block. Counter may be chained
+ * across invocations.
+ */
+static krb5_error_code
+format_Ctr0(krb5_data *counter,
+ const krb5_data *nonce,
+ const krb5_data *state,
+ unsigned int n)
+{
+ krb5_octet q; /* counter length */
+
+ assert(n >= 7 && n <= 13);
+
+ q = 15 - n;
+ counter->data[0] = q - 1;
+ memcpy(&counter->data[1], nonce->data, n);
+
+ if (state != NULL)
+ memcpy(&counter->data[1 + n], &state->data[1 + n], q);
+ else
+ memset(&counter->data[1 + n], 0, q);
+
+ return 0;
+}
+
+static krb5_boolean
+valid_payload_length_p(const struct krb5_keytypes *ktp,
+ unsigned int n,
+ unsigned int payload_len)
+{
+ unsigned int block_size = ktp->enc->block_size;
+ unsigned int nblocks, maxblocks;
+ krb5_octet q;
+
+ assert(n >= 7 && n <= 13);
+
+ q = 15 - n;
+
+ maxblocks = (1U << (8 * q)) - 1 /* tag */;
+
+ nblocks = (payload_len + block_size - 1) / block_size;
+
+ return (nblocks <= maxblocks);
+}
+
+static krb5_error_code
+ccm_encrypt(const struct krb5_keytypes *ktp,
+ krb5_key kc,
+ krb5_keyusage usage,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ krb5_error_code ret;
+ krb5_crypto_iov *header, *trailer, *sign_data = NULL;
+ size_t i, num_sign_data = 0;
+ unsigned int header_len;
+ unsigned int trailer_len;
+ size_t payload_len = 0;
+ size_t adata_len = 0;
+ char adata_len_buf[6];
+ unsigned char B0[16], Ctr[16];
+ krb5_data counter = make_data((char *)Ctr, sizeof(Ctr));
+
+ header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+
+ header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (header == NULL || header->data.length < header_len) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+ trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (trailer == NULL || trailer->data.length < trailer_len) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ for (i = 0; i < num_data; i++) {
+ krb5_crypto_iov *iov = &data[i];
+
+ switch (iov->flags) {
+ case KRB5_CRYPTO_TYPE_DATA:
+ payload_len += iov->data.length;
+ break;
+ case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+ adata_len += iov->data.length;
+ break;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ iov->data.length = 0;
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!valid_payload_length_p(ktp, header_len, payload_len)) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ header->data.length = header_len;
+ trailer->data.length = trailer_len;
+
+ /* Initialize nonce */
+ ret = krb5_c_random_make_octets(NULL, &header->data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Initialize counter block */
+ ret = format_Ctr0(&counter, &header->data, state, header_len);
+ if (ret != 0)
+ goto cleanup;
+
+ sign_data = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+ if (sign_data == NULL)
+ goto cleanup;
+
+ sign_data[num_sign_data].flags = KRB5_CRYPTO_TYPE_HEADER;
+ sign_data[num_sign_data].data = make_data((char *)B0, sizeof(B0));
+ ret = format_B0(&sign_data[num_sign_data].data, &header->data, trailer_len,
+ (krb5_ui_8)adata_len, (krb5_ui_8)payload_len);
+ if (ret != 0)
+ goto cleanup;
+ num_sign_data++;
+
+ /* Include length of associated data in CBC-MAC */
+ sign_data[num_sign_data].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+ sign_data[num_sign_data].data = make_data(adata_len_buf, sizeof(adata_len_buf));
+ ret = encode_a_len(&sign_data[num_sign_data].data, (krb5_ui_8)adata_len);
+ if (ret != 0)
+ goto cleanup;
+ num_sign_data++;
+
+ /* Reorder input IOV so SIGN_ONLY data is before DATA */
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ sign_data[num_sign_data++] = data[i];
+ }
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags == KRB5_CRYPTO_TYPE_DATA)
+ sign_data[num_sign_data++] = data[i];
+ }
+
+ assert(ktp->enc->encrypt != NULL);
+ assert(ktp->enc->cbc_mac != NULL);
+
+ /* Make checksum and place in trailer */
+ ret = ktp->enc->cbc_mac(kc, sign_data, num_sign_data, NULL, &trailer->data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Encrypt checksum in trailer */
+ {
+ krb5_crypto_iov cksum[1];
+
+ cksum[0].flags = KRB5_CRYPTO_TYPE_DATA;
+ cksum[0].data = trailer->data;
+
+ ret = ktp->enc->encrypt(kc, &counter, cksum, 1);
+ if (ret != 0)
+ goto cleanup;
+ }
+
+ /* Don't encrypt B0 (header), but encrypt everything else */
+ ret = ktp->enc->encrypt(kc, &counter, data, num_data);
+ if (ret != 0)
+ goto cleanup;
+
+ if (state != NULL)
+ memcpy(state->data, counter.data, counter.length);
+
+cleanup:
+ free(sign_data);
+
+ return ret;
+}
+
+krb5_error_code
+krb5int_dk_ccm_encrypt(const struct krb5_keytypes *ktp,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ unsigned char constantdata[K5CLENGTH];
+ krb5_error_code ret;
+ krb5_key kc;
+ krb5_data d1;
+
+ d1.data = (char *)constantdata;
+ d1.length = K5CLENGTH;
+
+ d1.data[0] = (usage >> 24) & 0xFF;
+ d1.data[1] = (usage >> 16) & 0xFF;
+ d1.data[2] = (usage >> 8 ) & 0xFF;
+ d1.data[3] = (usage ) & 0xFF;
+
+ d1.data[4] = 0xCC;
+
+ ret = krb5int_derive_key(ktp->enc, key, &kc, &d1);
+ if (ret != 0)
+ return ret;
+
+ ret = ccm_encrypt(ktp, kc, usage, state, data, num_data);
+
+ krb5_k_free_key(NULL, kc);
+
+ return ret;
+}
+
+static krb5_error_code
+ccm_decrypt(const struct krb5_keytypes *ktp,
+ krb5_key kc,
+ krb5_keyusage usage,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ krb5_error_code ret;
+ krb5_crypto_iov *header, *trailer, *sign_data = NULL;
+ size_t i, num_sign_data = 0;
+ unsigned int header_len;
+ unsigned int trailer_len;
+ size_t adata_len = 0;
+ size_t payload_len = 0;
+ char adata_len_buf[6];
+ unsigned char B0[16], Ctr[16];
+ krb5_data made_cksum = empty_data();
+ krb5_data counter = make_data((char *)Ctr, sizeof(Ctr));
+
+ header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+
+ header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+ if (header == NULL || header->data.length != header_len) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+
+ trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+ if (trailer == NULL || trailer->data.length != trailer_len) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ for (i = 0; i < num_data; i++) {
+ krb5_crypto_iov *iov = &data[i];
+
+ switch (iov->flags) {
+ case KRB5_CRYPTO_TYPE_DATA:
+ payload_len += iov->data.length;
+ break;
+ case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+ adata_len += iov->data.length;
+ break;
+ case KRB5_CRYPTO_TYPE_PADDING:
+ if (iov->data.length != 0) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (!valid_payload_length_p(ktp, header_len, payload_len)) {
+ ret = KRB5_BAD_MSIZE;
+ goto cleanup;
+ }
+
+ /* Initialize counter block */
+ ret = format_Ctr0(&counter, &header->data, state, header_len);
+ if (ret != 0)
+ goto cleanup;
+
+ sign_data = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+ if (sign_data == NULL)
+ goto cleanup;
+
+ sign_data[num_sign_data].flags = KRB5_CRYPTO_TYPE_HEADER;
+ sign_data[num_sign_data].data = make_data((char *)B0, sizeof(B0));
+ ret = format_B0(&sign_data[num_sign_data].data, &header->data, trailer_len,
+ (krb5_ui_8)adata_len, (krb5_ui_8)payload_len);
+ if (ret != 0)
+ goto cleanup;
+ num_sign_data++;
+
+ /* Include length of associated data in CBC-MAC */
+ sign_data[num_sign_data].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+ sign_data[num_sign_data].data = make_data(adata_len_buf, sizeof(adata_len_buf));
+ ret = encode_a_len(&sign_data[num_sign_data].data, (krb5_ui_8)adata_len);
+ if (ret != 0)
+ goto cleanup;
+ num_sign_data++;
+
+ assert(ktp->enc->decrypt != NULL);
+ assert(ktp->enc->cbc_mac != NULL);
+
+ made_cksum.data = k5alloc(trailer_len, &ret);
+ if (made_cksum.data == NULL)
+ goto cleanup;
+ made_cksum.length = trailer_len;
+
+ /* Decrypt checksum from trailer */
+ {
+ krb5_crypto_iov got_cksum[1];
+
+ got_cksum[0].flags = KRB5_CRYPTO_TYPE_DATA;
+ got_cksum[0].data = trailer->data;
+
+ ret = ktp->enc->decrypt(kc, &counter, got_cksum, 1);
+ if (ret != 0)
+ goto cleanup;
+ }
+
+ /* Don't decrypt B0 (header), but decrypt everything else */
+ ret = ktp->enc->decrypt(kc, &counter, data, num_data);
+ if (ret != 0)
+ goto cleanup;
+
+ /* Reorder input IOV so SIGN_ONLY data is before DATA */
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
+ sign_data[num_sign_data++] = data[i];
+ }
+ for (i = 0; i < num_data; i++) {
+ if (data[i].flags == KRB5_CRYPTO_TYPE_DATA)
+ sign_data[num_sign_data++] = data[i];
+ }
+
+ /* Now, calculate hash for comparison (including B0) */
+ ret = ktp->enc->cbc_mac(kc, sign_data, num_sign_data, NULL, &made_cksum);
+ if (ret != 0)
+ goto cleanup;
+
+ if (made_cksum.length != trailer->data.length ||
+ memcmp(made_cksum.data, trailer->data.data, trailer->data.length) != 0) {
+ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto cleanup;
+ }
+
+ if (state != NULL)
+ memcpy(state->data, counter.data, counter.length);
+
+cleanup:
+ free(made_cksum.data);
+ free(sign_data);
+
+ return ret;
+}
+
+krb5_error_code
+krb5int_dk_ccm_decrypt(const struct krb5_keytypes *ktp,
+ krb5_key key,
+ krb5_keyusage usage,
+ const krb5_data *state,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ unsigned char constantdata[K5CLENGTH];
+ krb5_error_code ret;
+ krb5_key kc;
+ krb5_data d1;
+
+ d1.data = (char *)constantdata;
+ d1.length = K5CLENGTH;
+
+ d1.data[0] = (usage >> 24) & 0xFF;
+ d1.data[1] = (usage >> 16) & 0xFF;
+ d1.data[2] = (usage >> 8 ) & 0xFF;
+ d1.data[3] = (usage ) & 0xFF;
+
+ d1.data[4] = 0xCC;
+
+ ret = krb5int_derive_key(ktp->enc, key, &kc, &d1);
+ if (ret != 0)
+ return ret;
+
+ ret = ccm_decrypt(ktp, kc, usage, state, data, num_data);
+
+ krb5_k_free_key(NULL, kc);
+
+ return ret;
+}
+
Modified: branches/camellia-ccm/src/lib/crypto/krb/dk/stringtokey.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/dk/stringtokey.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/dk/stringtokey.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -103,18 +103,20 @@
#define DEFAULT_ITERATION_COUNT 4096 /* was 0xb000L in earlier drafts */
#define MAX_ITERATION_COUNT 0x1000000L
-krb5_error_code
-krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
- const krb5_data *string,
- const krb5_data *salt,
- const krb5_data *params,
- krb5_keyblock *key)
+static krb5_error_code
+pbkdf2_string_to_key(const struct krb5_keytypes *ktp,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *pepper,
+ const krb5_data *params,
+ krb5_keyblock *key)
{
unsigned long iter_count;
krb5_data out;
static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
krb5_key tempkey = NULL;
krb5_error_code err;
+ krb5_data sandp = empty_data();
if (params) {
unsigned char *p = (unsigned char *) params->data;
@@ -142,6 +144,18 @@
if (out.length != 16 && out.length != 32)
return KRB5_CRYPTO_INTERNAL;
+ if (pepper != NULL) {
+ err = alloc_data(&sandp, pepper->length + 1 + salt->length);
+ if (err)
+ return err;
+
+ memcpy(sandp.data, pepper->data, pepper->length);
+ sandp.data[pepper->length] = '\0';
+ memcpy(&sandp.data[pepper->length + 1], salt->data, salt->length);
+
+ salt = &sandp;
+ }
+
err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
if (err)
goto cleanup;
@@ -153,8 +167,33 @@
err = krb5int_derive_keyblock(ktp->enc, tempkey, key, &usage);
cleanup:
+ if (sandp.data)
+ free(sandp.data);
if (err)
memset (out.data, 0, out.length);
krb5_k_free_key (NULL, tempkey);
return err;
}
+
+krb5_error_code
+krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key)
+{
+ return pbkdf2_string_to_key(ktp, string, salt, NULL, params, key);
+}
+
+krb5_error_code
+krb5int_peppered_string_to_key(const struct krb5_keytypes *ktp,
+ const krb5_data *string,
+ const krb5_data *salt,
+ const krb5_data *params,
+ krb5_keyblock *key)
+{
+ krb5_data pepper = string2data(ktp->name);
+
+ return pbkdf2_string_to_key(ktp, string, salt, &pepper, params, key);
+}
+
Modified: branches/camellia-ccm/src/lib/crypto/krb/etypes.c
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/etypes.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/etypes.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -153,6 +153,26 @@
krb5int_dk_prf,
CKSUMTYPE_HMAC_SHA1_96_AES256,
0 /*flags*/ },
+ { ENCTYPE_CAMELLIA128_CCM_128,
+ "camellia128-ccm-128", { "camellia128-ccm" },
+ "Camellia-128 CCM mode with 128-bit MAC",
+ &krb5int_enc_camellia128_ctr, NULL,
+ 16,
+ krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
+ krb5int_camellia_ccm_string_to_key,
+ krb5int_dk_cmac_prf,
+ CKSUMTYPE_CMAC_128_CAMELLIA128,
+ 0 /*flags*/ },
+ { ENCTYPE_CAMELLIA256_CCM_128,
+ "camellia256-ccm-128", { "camellia256-ccm" },
+ "Camellia-256 CCM mode with 128-bit MAC",
+ &krb5int_enc_camellia256_ctr, NULL,
+ 16,
+ krb5int_dk_ccm_crypto_length, krb5int_dk_ccm_encrypt, krb5int_dk_ccm_decrypt,
+ krb5int_camellia_ccm_string_to_key,
+ krb5int_dk_cmac_prf,
+ CKSUMTYPE_CMAC_128_CAMELLIA256,
+ 0 /*flags */ },
};
const int krb5int_enctypes_length =
Modified: branches/camellia-ccm/src/lib/crypto/krb/prf/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/prf/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/prf/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -14,13 +14,13 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-STLIBOBJS= des_prf.o dk_prf.o rc4_prf.o
+STLIBOBJS= des_prf.o dk_prf.o rc4_prf.o cmac_prf.o
OBJS= $(OUTPRE)des_prf.$(OBJEXT) $(OUTPRE)dk_prf.$(OBJEXT) \
- $(OUTPRE)rc4_prf.$(OBJEXT)
+ $(OUTPRE)rc4_prf.$(OBJEXT) $(OUTPRE)cmac_prf.$(OBJEXT)
SRCS= $(srcdir)/des_prf.c $(srcdir)/dk_prf.c \
- $(srcdir)/rc4_prf.c
+ $(srcdir)/rc4_prf.c $(srcdir)/cmac_prf.c
##DOS##LIBOBJS = $(OBJS)
Copied: branches/camellia-ccm/src/lib/crypto/krb/prf/cmac_prf.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/prf/cmac_prf.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/prf/cmac_prf.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/prf/cmac_prf.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,65 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/krb/prf/cmac_prf.c
+ *
+ * Copyright (C) 2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * This file contains an implementation of the RFC 3961 PRF for
+ *simplified profile enctypes.
+ */
+
+#include "prf_int.h"
+#include <dk.h>
+
+krb5_error_code
+krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
+ const krb5_data *in, krb5_data *out)
+{
+ krb5_crypto_iov iov;
+ krb5_data prfconst = make_data("prf", 3);
+ krb5_key kp = NULL;
+ krb5_error_code ret;
+
+ if (ktp->prf_length != ktp->enc->block_size)
+ return KRB5_BAD_MSIZE;
+
+ iov.flags = KRB5_CRYPTO_TYPE_DATA;
+ iov.data = *in;
+
+ /* Derive a key using the PRF constant. */
+ ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst);
+ if (ret != 0)
+ goto cleanup;
+
+ /* PRF is CMAC of input */
+ ret = krb5int_cmac_checksum(ktp->enc, kp, &iov, 1, out);
+ if (ret != 0)
+ goto cleanup;
+
+cleanup:
+ krb5_k_free_key(NULL, kp);
+ return ret;
+}
+
Modified: branches/camellia-ccm/src/lib/crypto/krb/prf/prf_int.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/prf/prf_int.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/prf/prf_int.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -43,4 +43,8 @@
krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
const krb5_data *in, krb5_data *out);
+krb5_error_code
+krb5int_dk_cmac_prf(const struct krb5_keytypes *ktp, krb5_key key,
+ const krb5_data *in, krb5_data *out);
+
#endif /*PRF_INTERNAL_DEFS*/
Modified: branches/camellia-ccm/src/lib/crypto/krb/rand2key/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/rand2key/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/rand2key/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -10,13 +10,15 @@
PROG_LIBPATH=-L$(TOPLIBD)
PROG_RPATH=$(KRB5_LIBDIR)
-STLIBOBJS= aes_rand2key.o des_rand2key.o des3_rand2key.o rc4_rand2key.o
+STLIBOBJS= aes_rand2key.o des_rand2key.o des3_rand2key.o rc4_rand2key.o camellia_rand2key.o
OBJS= $(OUTPRE)aes_rand2key.$(OBJEXT) $(OUTPRE)des_rand2key.$(OBJEXT) \
- $(OUTPRE)des3_rand2key.$(OBJEXT) $(OUTPRE)rc4_rand2key.$(OBJEXT)
+ $(OUTPRE)des3_rand2key.$(OBJEXT) $(OUTPRE)rc4_rand2key.$(OBJEXT) \
+ $(OUTPRE)camellia_rand2key.$(OBJEXT)
SRCS= $(srcdir)/aes_rand2key.c $(srcdir)/des_rand2key.c \
- $(srcdir)/des3_rand2key.c $(srcdir)/rc4_rand2key.c
+ $(srcdir)/des3_rand2key.c $(srcdir)/rc4_rand2key.c \
+ $(srcdir)/camellia_rand2key.c
##DOS##LIBOBJS = $(OBJS)
Copied: branches/camellia-ccm/src/lib/crypto/krb/rand2key/camellia_rand2key.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/krb/rand2key/camellia_rand2key.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/rand2key/camellia_rand2key.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/krb/rand2key/camellia_rand2key.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,43 @@
+/*
+ * lib/crypto/krb/rand2key/camellia_rand2key.c
+ *
+ * Copyright (c) 2009
+ * NTT (Nippon Telegraph and Telephone Corporation) . All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "rand2key.h"
+
+krb5_error_code
+krb5int_camellia_make_key(const krb5_data *randombits, krb5_keyblock *key)
+{
+ if (key->length != 16 && key->length != 32)
+ return(KRB5_BAD_KEYSIZE);
+ if (randombits->length != key->length)
+ return(KRB5_CRYPTO_INTERNAL);
+
+ key->magic = KV5M_KEYBLOCK;
+
+ memcpy(key->contents, randombits->data, randombits->length);
+
+ return(0);
+}
Modified: branches/camellia-ccm/src/lib/crypto/krb/rand2key/rand2key.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/krb/rand2key/rand2key.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/krb/rand2key/rand2key.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -14,3 +14,6 @@
krb5_error_code
krb5int_aes_make_key(const krb5_data *randombits, krb5_keyblock *key);
+
+krb5_error_code
+krb5int_camellia_make_key(const krb5_data *randombits, krb5_keyblock *key);
Modified: branches/camellia-ccm/src/lib/crypto/libk5crypto.exports
===================================================================
--- branches/camellia-ccm/src/lib/crypto/libk5crypto.exports 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/libk5crypto.exports 2010-07-29 21:17:30 UTC (rev 24219)
@@ -95,3 +95,4 @@
krb5int_aes_decrypt
krb5int_enc_des3
krb5int_arcfour_gsscrypt
+krb5int_camellia_cbc_mac
Modified: branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/Makefile.in
===================================================================
--- branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -3,6 +3,7 @@
LOCALINCLUDES = -I$(srcdir)/../des \
-I$(srcdir)/../arcfour \
-I$(srcdir)/../aes \
+ -I$(srcdir)/../camellia \
-I$(srcdir)/../../krb \
-I$(srcdir)/../../krb/rand2key \
-I$(srcdir)/.. -I$(srcdir)/.
@@ -19,18 +20,25 @@
des.o \
des3.o \
rc4.o \
- aes.o
+ aes.o \
+ camellia_ctr.o
OBJS= \
$(OUTPRE)des.$(OBJEXT) \
$(OUTPRE)des3.$(OBJEXT) \
$(OUTPRE)aes.$(OBJEXT) \
+ $(OUTPRE)aes_ctr.$(OBJEXT) \
+ $(OUTPRE)camellia.$(OBJEXT) \
+ $(OUTPRE)camellia_ctr.$(OBJEXT) \
$(OUTPRE)rc4.$(OBJEXT)
SRCS= \
$(srcdir)/des.c \
$(srcdir)/des3.c \
$(srcdir)/aes.c \
+ $(srcdir)/aes_ctr.c \
+ $(srcdir)/camellia.c \
+ $(srcdir)/camellia_ctr.c\
$(srcdir)/rc4.c
##DOS##LIBOBJS = $(OBJS)
Copied: branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/camellia_ctr.c (from rev 24217, users/lhoward/camellia-ccm/src/lib/crypto/openssl/enc_provider/camellia_ctr.c)
===================================================================
--- branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/camellia_ctr.c (rev 0)
+++ branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/camellia_ctr.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -0,0 +1,194 @@
+/*
+ * lib/crypto/openssl/enc_provider/camellia_ctr.c
+ *
+ * Copyright (C) 2003, 2007-2010 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ */
+
+#include "k5-int.h"
+#include "enc_provider.h"
+#include "rand2key.h"
+#include "aead.h"
+#include "hash_provider/hash_provider.h"
+#include <openssl/evp.h>
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+#define NUM_BITS 8
+
+static void
+xorblock(unsigned char *out, const unsigned char *in)
+{
+ int z;
+ for (z = 0; z < CAMELLIA_BLOCK_SIZE/4; z++) {
+ unsigned char *outptr = &out[z*4];
+ unsigned char *inptr = (unsigned char *)&in[z*4];
+ /*
+ * Use unaligned accesses. On x86, this will probably still be faster
+ * than multiple byte accesses for unaligned data, and for aligned data
+ * should be far better. (One test indicated about 2.4% faster
+ * encryption for 1024-byte messages.)
+ *
+ * If some other CPU has really slow unaligned-word or byte accesses,
+ * perhaps this function (or the load/store helpers?) should test for
+ * alignment first.
+ *
+ * If byte accesses are faster than unaligned words, we may need to
+ * conditionalize on CPU type, as that may be hard to determine
+ * automatically.
+ */
+ store_32_n (load_32_n(outptr) ^ load_32_n(inptr), outptr);
+ }
+}
+
+/*
+ * ivec must be a correctly formatted counter block per SP800-38C A.3
+ */
+static krb5_error_code
+krb5int_camellia_encrypt_ctr(krb5_key key,
+ const krb5_data *ivec,
+ krb5_crypto_iov *data,
+ size_t num_data)
+{
+ CAMELLIA_KEY enck;
+ unsigned char ctr[CAMELLIA_BLOCK_SIZE];
+ krb5_ui_8 blockno;
+ struct iov_block_state input_pos, output_pos;
+
+ Camellia_set_key(key->keyblock.contents,
+ NUM_BITS * key->keyblock.length, &enck);
+
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
+
+ /* Don't encrypt the header (B0), and use zero instead of IOV padding */
+ input_pos.ignore_header = output_pos.ignore_header = 1;
+ input_pos.pad_to_boundary = output_pos.pad_to_boundary = 1;
+
+ assert(ivec != NULL);
+
+ if (ivec->length != CAMELLIA_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ memcpy(ctr, ivec->data, CAMELLIA_BLOCK_SIZE);
+
+ for (blockno = 0; ; blockno++) {
+ unsigned char storage[CAMELLIA_BLOCK_SIZE], *block;
+ unsigned char ectr[CAMELLIA_BLOCK_SIZE];
+ unsigned int num = 0;
+
+ if (!krb5int_c_iov_get_block_nocopy(storage, CAMELLIA_BLOCK_SIZE,
+ data, num_data, &input_pos, &block))
+ break;
+
+ /* We should not need to initialise ectr because we're on a block boundary. */
+ Camellia_ctr128_encrypt(block, block, CAMELLIA_BLOCK_SIZE, &enck, ctr, ectr, &num);
+ assert(num == 0);
+ krb5int_c_iov_put_block_nocopy(data, num_data, storage,
+ CAMELLIA_BLOCK_SIZE, &output_pos, block);
+ }
+
+ if (ivec != NULL)
+ memcpy(ivec->data, ctr, sizeof(ctr));
+
+ return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_cbc_mac(krb5_key key,
+ const krb5_crypto_iov *data,
+ size_t num_data,
+ const krb5_data *iv,
+ krb5_data *output)
+{
+ CAMELLIA_KEY enck;
+ unsigned char blockY[CAMELLIA_BLOCK_SIZE];
+ struct iov_block_state iov_state;
+
+ if (output->length < CAMELLIA_BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
+
+ Camellia_set_key(key->keyblock.contents,
+ NUM_BITS * key->keyblock.length, &enck);
+
+ if (iv != NULL)
+ memcpy(blockY, iv->data, CAMELLIA_BLOCK_SIZE);
+ else
+ memset(blockY, 0, CAMELLIA_BLOCK_SIZE);
+
+ IOV_BLOCK_STATE_INIT(&iov_state);
+
+ /*
+ * The CCM header may not fit in a block, because it includes a variable
+ * length encoding of the associated data length. This encoding plus the
+ * associated data itself is padded to the block size.
+ */
+ iov_state.include_sign_only = 1;
+ iov_state.pad_to_boundary = 1;
+
+ for (;;) {
+ unsigned char blockB[CAMELLIA_BLOCK_SIZE];
+
+ if (!krb5int_c_iov_get_block(blockB, CAMELLIA_BLOCK_SIZE, data, num_data, &iov_state))
+ break;
+
+ xorblock(blockB, blockY);
+
+ Camellia_ecb_encrypt(blockB, blockY, &enck, 1);
+ }
+
+ output->length = CAMELLIA_BLOCK_SIZE;
+ memcpy(output->data, blockY, CAMELLIA_BLOCK_SIZE);
+
+ return 0;
+}
+
+static krb5_error_code
+krb5int_camellia_init_state_ctr (const krb5_keyblock *key, krb5_keyusage usage,
+ krb5_data *state)
+{
+ return alloc_data(state, 16);
+}
+
+const struct krb5_enc_provider krb5int_enc_camellia128_ctr = {
+ 16,
+ 16, 16,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state_ctr,
+ krb5int_default_free_state,
+ NULL
+};
+
+const struct krb5_enc_provider krb5int_enc_camellia256_ctr = {
+ 16,
+ 32, 32,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_encrypt_ctr,
+ krb5int_camellia_cbc_mac,
+ krb5int_camellia_make_key,
+ krb5int_camellia_init_state_ctr,
+ krb5int_default_free_state,
+ NULL
+};
Modified: branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/enc_provider.h
===================================================================
--- branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/enc_provider.h 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/crypto/openssl/enc_provider/enc_provider.h 2010-07-29 21:17:30 UTC (rev 24219)
@@ -34,3 +34,5 @@
extern const struct krb5_enc_provider krb5int_enc_aes256;
extern const struct krb5_enc_provider krb5int_enc_aes128_ctr;
extern const struct krb5_enc_provider krb5int_enc_aes256_ctr;
+extern const struct krb5_enc_provider krb5int_enc_camellia128_ctr;
+extern const struct krb5_enc_provider krb5int_enc_camellia256_ctr;
Modified: branches/camellia-ccm/src/lib/krb5/krb/init_ctx.c
===================================================================
--- branches/camellia-ccm/src/lib/krb5/krb/init_ctx.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/krb5/krb/init_ctx.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -430,6 +430,9 @@
mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
} else if (strcasecmp(token, "rc4") == 0) {
mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
+ } else if (strcasecmp(token, "camellia") == 0) {
+ mod_list(ENCTYPE_CAMELLIA256_CCM_128, sel, weak, &list);
+ mod_list(ENCTYPE_CAMELLIA128_CCM_128, sel, weak, &list);
} else if (krb5_string_to_enctype(token, &etype) == 0) {
/* Set a specific enctype. */
mod_list(etype, sel, weak, &list);
Modified: branches/camellia-ccm/src/lib/krb5/krb/t_etypes.c
===================================================================
--- branches/camellia-ccm/src/lib/krb5/krb/t_etypes.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/lib/krb5/krb/t_etypes.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -98,6 +98,12 @@
ENCTYPE_DES3_CBC_SHA1, 0 },
0, 0
},
+ /* Family with enctype removed */
+ { "camellia -camellia256-ccm-128",
+ { 0 },
+ { ENCTYPE_CAMELLIA128_CCM_128, 0 },
+ { ENCTYPE_CAMELLIA128_CCM_128, 0 }
+ },
/* Enctype followed by two families */
{ "+rc4-hmAC des3 +des",
{ 0 },
Modified: branches/camellia-ccm/src/tests/dejagnu/config/default.exp
===================================================================
--- branches/camellia-ccm/src/tests/dejagnu/config/default.exp 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/tests/dejagnu/config/default.exp 2010-07-29 21:17:30 UTC (rev 24219)
@@ -261,6 +261,30 @@
{dummy=[verbose -log \
"DES3 TGT, KDC permitting only des-cbc-crc"]}
}
+ {
+ camellia-only
+ mode=udp
+ des3_krbtgt=0
+ {supported_enctypes=camellia256-ccm:normal}
+ {permitted_enctypes(kdc)=camellia256-ccm}
+ {permitted_enctypes(slave)=camellia256-ccm}
+ {permitted_enctypes(client)=camellia256-ccm}
+ {permitted_enctypes(server)=camellia256-ccm}
+ {default_tgs_enctypes(kdc)=camellia256-ccm}
+ {default_tgs_enctypes(slave)=camellia256-ccm}
+ {default_tgs_enctypes(client)=camellia256-ccm}
+ {default_tgs_enctypes(server)=camellia256-ccm}
+ {default_tkt_enctypes(kdc)=camellia256-ccm}
+ {default_tkt_enctypes(slave)=camellia256-ccm}
+ {default_tkt_enctypes(client)=camellia256-ccm}
+ {default_tkt_enctypes(server)=camellia256-ccm}
+ {allow_weak_crypto(kdc)=false}
+ {allow_weak_crypto(slave)=false}
+ {allow_weak_crypto(client)=false}
+ {allow_weak_crypto(server)=false}
+ {master_key_type=camellia256-ccm}
+ {dummy=[verbose -log "Camellia-256 enctype"]}
+ }
}
# des.md5-tgt is set as unused, since it won't trigger the error case
Modified: branches/camellia-ccm/src/util/collected-client-lib/Makefile.in
===================================================================
--- branches/camellia-ccm/src/util/collected-client-lib/Makefile.in 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/util/collected-client-lib/Makefile.in 2010-07-29 21:17:30 UTC (rev 24219)
@@ -51,6 +51,7 @@
../../lib/crypto/@CRYPTO_IMPL@/sha1/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/arcfour/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/aes/OBJS.ST \
+ ../../lib/crypto/@CRYPTO_IMPL@/camellia/OBJS.ST \
../../lib/crypto/krb/yarrow/OBJS.ST \
../../lib/crypto/krb/OBJS.ST \
../../lib/crypto/@CRYPTO_IMPL@/OBJS.ST \
Modified: branches/camellia-ccm/src/util/k5test.py
===================================================================
--- branches/camellia-ccm/src/util/k5test.py 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/util/k5test.py 2010-07-29 21:17:30 UTC (rev 24219)
@@ -1013,6 +1013,16 @@
'supported_enctypes' : 'aes128-cts:normal',
'master_key_type' : 'aes128-cts'}}}}),
+ # Exercise the camellia256-ccm enctype.
+ ('camellia256', None,
+ {'all' : {'libdefaults' : {
+ 'default_tgs_enctypes' : 'camellia256-ccm',
+ 'default_tkt_enctypes' : 'camellia256-ccm',
+ 'permitted_enctypes' : 'camellia256-ccm'}}},
+ {'master' : {'realms' : {'$realm' : {
+ 'supported_enctypes' : 'camellia256-ccm:normal',
+ 'master_key_type' : 'camellia256-ccm'}}}}),
+
# Test a setup with modern principal keys but an old TGT key.
('aes256.destgt', 'des-cbc-crc:normal',
{'all' : {'libdefaults' : {'allow_weak_crypto' : 'true'}}},
Modified: branches/camellia-ccm/src/windows/identity/plugins/krb5/datarep.c
===================================================================
--- branches/camellia-ccm/src/windows/identity/plugins/krb5/datarep.c 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/windows/identity/plugins/krb5/datarep.c 2010-07-29 21:17:30 UTC (rev 24219)
@@ -93,6 +93,14 @@
resid = IDS_ETYPE_AES256_CTS_HMAC_SHA1_96;
break;
+ case ENCTYPE_CAMELLIA128_CCM_128:
+ resid = IDS_ETYPE_CAMELLIA128_CCM_128;
+ break;
+
+ case ENCTYPE_CAMELLIA256_CCM_128:
+ resid = IDS_ETYPE_CAMELLIA256_CCM_128;
+ break;
+
case ENCTYPE_ARCFOUR_HMAC:
resid = IDS_ETYPE_ARCFOUR_HMAC;
break;
Modified: branches/camellia-ccm/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
===================================================================
--- branches/camellia-ccm/src/windows/identity/plugins/krb5/lang/en_us/langres.rc 2010-07-29 21:13:32 UTC (rev 24218)
+++ branches/camellia-ccm/src/windows/identity/plugins/krb5/lang/en_us/langres.rc 2010-07-29 21:17:30 UTC (rev 24219)
@@ -364,6 +364,8 @@
IDS_ETYPE_DES3_CBC_SHA1 "DES3-CBC-SHA1"
IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 "AES128_CTS-HMAC-SHA1_96"
IDS_ETYPE_AES256_CTS_HMAC_SHA1_96 "AES256_CTS-HMAC-SHA1_96"
+ IDS_ETYPE_CAMELLIA128_CCM_128 "CAMELLIA128_CCM-128"
+ IDS_ETYPE_CAMELLIA256_CCM_128 "CAMELLIA256_CCM-128"
IDS_ETYPE_ARCFOUR_HMAC "RC4-HMAC-NT"
IDS_ETYPE_ARCFOUR_HMAC_EXP "RC4-HMAC-NT-EXP"
IDS_ETYPE_UNKNOWN "(Unknown)"
More information about the cvs-krb5
mailing list